Abstract

One-time programs are modelled after a black box that allows a single evaluation of a function, and then self-destructs. Because software can, in principle, be copied, general one-time programs exist only in the hardware token model: it has been shown that any function admits a one-time program as long as we assume access to physical devices called one-time memories. Quantum information, with its well-known property of no-cloning, would, at first glance, prevent the basic copying attack for classical programs. We show that this intuition is false: one-time programs for both classical and quantum maps, based solely on quantum information, do not exist, even with computational assumptions. We complement this strong impossibility proof by an equally strong possibility result: assuming the same basic one-time memories as used for classical one-time programs, we show that every quantum map has a quantum one-time program that is secure in the universal composability framework. Our construction relies on a new, simpler quantum authentication scheme and corresponding mechanism for computing on authenticated data.
1 Introduction



A one-time program for a function f, as introduced by Goldwasser, Rothblum and Kalai [GKR08], is a cryptographic primitive by which a receiver may evaluate f on only one input, chosen by the receiver at run time: no efficient adversary, after evaluating the one-time program on x, should be able to learn anything about f(y) for any y ≠ x beyond what can be inferred from f(x). Secure one-time programs could have far-reaching implications in software protection, digital rights management, and electronic cash or token schemes. (For example, coins are a program that can only be run once, and thus cannot be double spent.)

One-time programs cannot be achieved by software alone, as any software can be copied and executed multiple times. Thus, any hope of achieving any one-time property must necessarily rely on additional assumptions such as secure hardware or interaction; in particular, computational assumptions alone will not suffice.

1.1 Classical one-time programs from one-time memories 

Goldwasser et al. showed how to construct a one-time program for any function f using a very basic hypothetical hardware device called a one-time memory (OTM). Inspired by the interactive cryptographic primitive oblivious transfer, each OTM stores two secret strings (s_0, s_1). A receiver requests one of these two strings by specifying a single-bit input c ∈ {0, 1}. The OTM reveals s_c and then self-destructs: the other string s_{1−c} is lost forever.

One advantage of using OTMs as a building block is their simplicity: an OTM is an extremely basic device that does not perform any computation. Using the simplest possible hardware device allows for easier scrutiny against potential hardware flaws such as side-channel attacks. Moreover, the functionality of an OTM is independent of the program itself, and thus OTMs could be mass-produced for a variety of programs. The use of tamper-proof hardware in cryptography is an old and recurring theme [Smi81], and OTMs in particular have led to a recent revival in ascertaining what cryptographic primitives can be constructed using minimalistic hardware assumptions that could not otherwise be achieved.

Non-interactive secure two-party computation. Goyal, Ishai, Sahai, Venkatesan, and Wadia [GIS+10] improved on the work of Goldwasser et al. [GKR08] in several ways. First, they consider a more general primitive, which they call non-interactive secure two-party computation, in which two parties wish to evaluate a publicly known function f(x, y). One party — the sender — is given the input string x. The sender uses x to prepare a "program" p(x) and sends this program to the receiver. The receiver wishes to use the program p(x) in order to evaluate f(x, y) for any input string y of her choice. Like one-time programs, after evaluating f(x, y), no adversary should be able to learn anything about f(x, y′) for any y′ ≠ y beyond what can be inferred from f(x, y). The one-time programs of Goldwasser et al. are recovered as a special case of this primitive by viewing the input x as a description of a function g_x(y) and the publicly known function f as a "universal computer" that produces f(x, y) = g_x(y). Non-interactive secure two-party computation is impossible in the plain model for the same reason that one-time programs are impossible in the plain model: software can always be copied.

Second, the one-time programs of Goldwasser et al. are secure against a malicious receiver; the 
issue of a malicious sender does not arise in their setting. By contrast, in the more general setting 
of non-interactive secure two-party computation one could also consider malicious senders. The 
protocol of Goyal et al. is secure against both a malicious receiver and a malicious sender. 
Third, Goldwasser et al. use OTMs for large strings, whereas Goyal et al. require OTMs for only single bits. Finally, Goldwasser et al. establish security against computationally bounded adversaries, whereas Goyal et al. establish statistical universally composable security.

Terminology: For brevity, we use the term one-time program (OTP) synonymously with 
"non-interactive secure two-party computation". 

1.2 Impossibility of quantum one-time programs in the plain model 

In contrast to ordinary classical information, quantum information cannot in general be copied: measurement is an irreversible, destructive process [WZ82]. The no-cloning property of quantum information is credited for such classically impossible feats as quantum money [AC12, MS10, Wie83], quantum key distribution [BB84], and quantum copy-protection [Aar09]. It is thus natural to ask if one-time programs can be added to this list of quantum cryptographic primitives: does quantum information allow for one-time programs without hardware assumptions? (When there are no hardware assumptions, we refer to this as the plain quantum model.)

We observe in Section 3 that the answer to this question is a strong no: although quantum information cannot be copied, a quantum "program state" for f can always be re-constructed by a reversible adversary after each use so as to obtain the evaluation of f on multiple distinct inputs. In particular, computational assumptions do not help to achieve quantum one-time programs.

One-time programs for quantum channels. By analogy to classical functions acting on bits, one could also consider a one-time program for a quantum channel Φ : (A, B) → C acting on multi-qubit registers A (the sender's input), B (the receiver's input), and C (the receiver's output). The security goal is similar in spirit to that for classical functions: for each joint state ρ of the input registers (A, B) no adversary should be able to learn anything about Φ(ρ′) for any state ρ′ ≠ ρ beyond what can be inferred from Φ(ρ).

Here, again, our previous observation on the impossibility of quantum one-time programs in the plain model holds: if a quantum program allows the adversary to evaluate Φ(ρ) then that same program can be recovered by a reversible adversary in order to subsequently evaluate Φ(ρ′) for any ρ′ that can be obtained from ρ by a local operation on B.

1.3 Main result: quantum one-time programs from one-time memories 

Given that one-time programs do not exist for arbitrary quantum channels in the plain quantum 
model, and that one-time programs do exist for arbitrary classical functions in the OTM model, a 
natural question arises: what additional assumptions are required to achieve one-time programs for 
quantum channels? 

Our main result (Theorem 7) is that any channel Φ can be compiled into a quantum one-time program (QOTP), which is a combination of quantum states and OTMs that allows a receiver to evaluate Φ exactly once. In particular (and perhaps surprisingly), single-bit classical one-time memory devices suffice to establish quantum one-time programs for arbitrary quantum channels. An informal version of Theorem 7 is as follows:

Main theorem (informal). For each channel Φ specified by a quantum circuit, there is a non-interactive two-party protocol for the secure evaluation of Φ assuming classical one-time memory devices and an honest sender. Moreover, this protocol is universally composable (UC-secure).

We provide a fully rigorous proof of statistical universally composable (UC) security of our QOTPs. The question of QOTPs that are also secure against a malicious sender is left for future work. For simplicity, we restrict our attention to the case of non-reactive one-time quantum programs. The more general scenario of being able to query a program a bounded number of times (including the case of an n-use program) may be implemented using standard techniques as is done in the classical case (see Section 2.3). Most of the components of our QOTP for Φ are independent of the sender's input register A and so can be compiled (and mass-produced) by the sender before he receives his input. As a corollary of our main result we obtain the UC security of the protocol for delegated quantum computations of Aharonov, Ben-Or and Eban [ABOE10]; see Section 7.

Summary of techniques. Our protocol employs a method for quantum computing on authenticated data (QCAD), which allows for the application of quantum gates to authenticated quantum data without knowing the authentication key. We propose a new authentication scheme, called the trap scheme, and show that it allows for QCAD (Section 4.1). Prior to our work, the only authentication scheme known to admit QCAD was the signed polynomial scheme of Ben-Or, Crépeau, Gottesman, Hassidim, and Smith [BOCG+06] (see also [ABOE10]). We compare our trap scheme to the signed polynomial scheme in Section 4.2. Recently, and independently of our work, it was shown by Dupuis, Nielsen, and Salvail [DNS12] that the Clifford authentication scheme also admits QCAD.

In methods for QCAD, universal quantum computation can only be performed if the receiver (who holds the authenticated data) is allowed to exchange classical messages with the sender (who knows the authentication key). To keep our protocol non-interactive, all the classical interaction is encapsulated by a bounded, reactive classical one-time program (BR-OTP) prepared by the sender. (The existence of secure reactive one-time programs follows from the work of [GIS+10] as described in Section 2.3.) This program for the BR-OTP depends upon the authentication key chosen for the sender's input register, but not on the contents of that register. Thus, by selecting this key in advance, the BR-OTP can be prepared (or mass-produced) before the sender gets his input register.

In order to implement QCAD, the receiver's input must be authenticated prior to computation. This is accomplished non-interactively by having the sender prepare a pair of registers in a special "teleport-through-encode" state, which is a maximally entangled state with an authentication operation applied to one of the two registers. The authentication key is determined by the (classical) result of the Bell measurement used for teleportation. The sender allows the receiver to non-interactively de-authenticate the output at the end of the computation by preparing another pair of registers in a "teleport-through-decode" state. In order to successfully de-authenticate, the receiver's messages to the BR-OTP must be consistent with the secret authentication key held by the BR-OTP. Otherwise, the BR-OTP simply declines to reveal the final decryption key for the receiver's output.

1.4 Formalizing impossibility 

In preparing a formal proof that one-time programs do not exist in the plain model, one immediately encounters a pathological class of functions that do, in fact, admit classical one-time programs in the plain model. For example, consider the function f(a, b) = a + b. A potential "one-time" program for f has the sender simply reveal a to the receiver. Curiously, this is indeed a "one-time" program, because this behaviour can be simulated with one-shot access to the ideal functionality f(a, ·): the query f(a, 0) reveals a, which is exactly the one-time program prepared by the sender. Put another way: f is a function for which there exists a one-time program in the plain model, but only because the one-time program reveals enough information that even a simulator with one-shot access to f(a, ·) can gain all information required to compute the function. This phenomenon is somewhat akin to trivially obfuscatable functions [BGI+01].

An interesting question thus arises: what is the class of classical functions or quantum channels that admit one-time programs in the plain model? We provide a complete characterization of this class for classical functions. In particular, we define a class of unlockable functions consisting of those functions f for which there exists at least one key input b_0 such that for all a the value f(a, b) can be recovered from f(a, b_0) for any desired b. We prove the following.

Impossibility theorem for classical functions (informal). If f is unlockable then f admits a trivial classical one-time program in the plain model. Conversely, if f is not unlockable then f does not admit a quantum one-time program in the plain quantum model.

The situation for quantum channels is very interesting. We propose two definitions for the 
unlockability of a channel, which we call weakly unlockable and strongly unlockable (Definition 3). 
We prove the following. 

Impossibility theorem for quantum channels (informal). If Φ is strongly unlockable then Φ admits a trivial quantum one-time program in the plain quantum model. Conversely, if Φ is not weakly unlockable then Φ does not admit a quantum one-time program in the plain quantum model.

By definition, every strongly unlockable channel is also weakly unlockable. We conjecture that the converse also holds (Conjecture 6). In lieu of a full proof, we provide a high-level outline of what such a proof might look like in Section 3.4. In asking a question about unlockable channels, we appear to have stumbled upon a deep and interesting question relating to the invertible subspaces of an arbitrary channel, akin to the so-called "decoherence-free" subspaces studied in the literature on quantum error correction.

1.5 Related work 

Copy-protection. In software copy-protection [Aar09], a program can be evaluated (a possibly unlimited number of times), but it should be impossible for the program to be "split" or "copied" into parts allowing separate executions. As with OTPs, copy-protection cannot be achieved by software means only. OTPs provide a hardware solution by enforcing that the program be run only once. However, the more interesting question is if quantum information alone (with computational assumptions) can provide a solution. Aaronson [Aar09] has proposed such schemes based on plausible, but non-standard, cryptographic assumptions. It is an open problem if quantum copy-protection could be based on standard assumptions. In contrast, the security of quantum OTPs is based on simple OTMs; it could be beneficial to study quantum copy-protection in light of our result.

Quantum money. Our construction establishes quantum authentication codes (see Section 4.1) that seem to provide a concrete and efficient realization of the "hidden subspaces" used for the public-key quantum money scheme of Aaronson and Christiano [AC12]. Our QOTPs can also be used to implement non-interactive verification for quantum coin schemes [MS10].

Program obfuscation. A related but different task is program obfuscation, in which the receiver should not be able to efficiently "learn" anything from the description of the program that he could not also efficiently learn from the input-output behaviour of the program. In the case of classical information, it is known that secure program obfuscation is not possible in the plain model [BGI+01]. As with copy-protection, OTPs provide a hardware solution by enforcing that the obfuscated program can be run only a limited number of times. Again, the more interesting question is if quantum information alone (with computational assumptions) can provide a solution; the impossibility proof for obfuscation breaks down in the quantum case due to the no-cloning theorem. It is an open problem whether there is a way to substitute the assumption of secure hardware in our main possibility result with a computational assumption in order to realize quantum program obfuscation.

2 Notation and tools 

A quantum register is a specific quantum system (composed, say, of qubits). Quantum registers are typically denoted with sans serifs such as A, B, etc. A quantum channel Φ : A → B refers to any physically-realizable mapping on quantum registers. We use the terms quantum map and quantum channel interchangeably.

2.1 Universal composability 

The universal composability (UC) framework provides an extremely high standard for establishing 
a strong and rigorous notion of security. The basic idea is to postulate an ideal world, where 
the protocol parties interact with an ideal functionality, which is secure by definition. Then, we 
consider the real world, where the protocol parties execute the actual protocol. UC-security holds 
if, for every real-world adversary, there exists a simulator in the ideal world (taking the role of 
the real-world adversary) such that no environment can distinguish the real and ideal worlds. The 
environment is powerful: it provides the parties' inputs, receives outputs and interacts with the 
adversary at arbitrary points in the protocol. Perfect, statistical, and computational notions of 
UC security exist depending on the two worlds being equal or statistically or computationally 
indistinguishable. 

The UC framework was developed in the classical world by Canetti [Can01] and independently (under the name of reactive simulatability) by Pfitzmann and Waidner [PW01]. The model was extended to the quantum world by Ben-Or and Mayers [BOM04] and independently by Unruh [Unr04]. Here, we follow the simplified UC framework as presented by Unruh [Unr10], to which we refer for the description of the model, definitions, and theorems.

Via the composition theorem, this framework allows one to rigorously prove results that are maximally useful for future work: our results can easily be embedded within a larger construction and at the same time we can use prior constructions without having to re-visit their security proofs. Another key result is Unruh's quantum lifting theorem [Unr10] establishing that, in the statistical case, classical-UC-secure protocols are also quantum-UC-secure.

Our main possibility result heavily relies on classical one-time programs, for which a (classical) UC-secure instantiation exists assuming one-time memories [GIS+10]. In particular, we require bounded reactive OTPs, which we construct by extending the results of Goyal et al. [GIS+10] (see Section 2.3).

Some notable variations of Unruh's terminology and definitions follow. 

Out of the two protocol parties (the sender and the receiver), we consider security only in the case of the receiver being a corrupted party. This is the meaning of, e.g., "π statistically quantum-UC-emulates ρ in the case of a corrupted receiver".

In our scenario involving a corrupted receiver, we make use of a property related to the transitivity of UC-security [Unr10] (see Lemma 1); the proof is very similar to the original proof of transitivity.

Lemma 1. Let π, σ and ρ be protocols with parties {sender, receiver}. Suppose that π statistically quantum-UC-emulates ρ and that ρ statistically quantum-UC-emulates σ in the case of a corrupted receiver. Then π statistically quantum-UC-emulates σ in the case of a corrupted receiver.

Combining Lemma 1 with the quantum universal composition theorem [Unr10] and the quantum lifting theorem [Unr10] we get Corollary 1.1 below, which is essential in the proof of our main possibility theorem (Theorem 7).

Corollary 1.1. Let π and ρ be protocols with parties {sender, receiver}. Suppose π statistically classical-UC-emulates F. Suppose that ρ^F statistically quantum-UC-emulates G in the case of a corrupted receiver. Then ρ^π statistically quantum-UC-emulates G in the case of a corrupted receiver.

2.2 Ideal functionalities 

We now describe the relevant ideal functionalities. All functionalities involve two parties, the sender 
and the receiver. An ideal functionality may exist in multiple instances and involves various parties. 
Formally, instances are denoted by session identifiers and each instance involves labelled parties. 
For the sake of simplicity, we have omitted these identifiers as they should be implicitly clear from 
the context. 

The ideal functionality F_OTM of a one-time memory (OTM) is a two-step process modelled after oblivious transfer. We sometimes refer to this functionality F_OTM as an OTM token.



Functionality 1 Ideal Functionality F_OTM.

1. Create: Upon input (s_0, s_1) from the sender with s_0, s_1 ∈ {0, 1}, send create to the receiver and store (s_0, s_1).

2. Execute: Upon input c ∈ {0, 1} from the receiver, send s := s_c to the receiver. Delete any trace of this instance.

Next we describe the ideal functionalities F_f^OTP and F_Φ^OTP of a one-time program for a classical function f and a quantum channel Φ respectively. Note that the map that is computed (f or Φ) is a public parameter of the functionality and it takes an input from the sender and an input from the receiver. We thus view these ideal functionalities as having the property of hiding the sender's input only. If the intention is to hide the map m itself — as in the intuitive notion of one-time programs — then we can consider a universal map U that takes as part of its sender's input a program register representing m (see [BFGH10, NC97, dSR07]).

Functionality 2 Ideal functionality F_f^OTP for a classical function f : {0, 1}^{n+m} → {0, 1}^ℓ.

1. Create: Upon input a ∈ {0, 1}^n from the sender, send create to the receiver and store a.

2. Execute: Upon input b ∈ {0, 1}^m from the receiver, send f(a, b) to the receiver. Delete any trace of this instance.
Functionality 3 Ideal functionality F_Φ^OTP for a quantum channel Φ : (A, B) → C.

1. Create: Upon input register A from the sender, send create to the receiver and store the contents of register A.

2. Execute: Upon input register B from the receiver, evaluate Φ on registers A, B and send the contents of the output register C to the receiver. Delete any trace of this instance.



It is clear from the description of these ideal functionalities that they may be called only a single time. However, we may sometimes emphasize this in expressions such as "one-shot access to an ideal functionality computing f".

Functionalities 1-3 are sender-oblivious since they take an input from the sender and an input from the receiver and deliver the result of the functionality to the receiver (but not the sender). Moreover, they are non-reactive since they interact with the sender and the receiver in a single round. Reactive functionalities are more general, potentially having several rounds of inputs and outputs and maintaining state between rounds. In Section 2.3 we consider an ideal functionality for bounded reactive classical one-time programs; the ideal functionality for bounded-reactive OTPs is specified in Appendix A.

2.3 Classical one-time programs 

Our construction relies heavily on classical OTPs, the construction of which is given by Goyal et al. [GIS+10]:

Theorem 2. Let f be a non-reactive, sender-oblivious, polynomial-time computable classical two-party functionality. Then there exists an efficient, non-interactive protocol which statistically classical-UC-emulates F_f^OTP in the F_OTM-hybrid model.

In Appendix A, we use straightforward techniques to extend this result to sender-oblivious, 
polynomial-time computable, bounded reactive classical two-party functionalities. The main result 
on reactive OTPs, as used in our construction in Section 4, is: 

Corollary 2.1. There exists a non-interactive protocol σ that statistically classical-UC-emulates the bounded-reactive one-time program functionality F^BR-OTP of Appendix A in the F_OTM-hybrid model.

3 Impossibility of non-trivial OTPs in the plain model 

We now consider whether classical functions or quantum channels admit one-time programs in the plain quantum model. We will see that it is precisely maps that are unlockable — meaning there is a key¹ input to the map that unlocks enough information to fully simulate the map — that have one-time programs in the plain model, and that these one-time programs are in a sense trivial. For quantum channels, we will have two versions of unlockable, the difference being whether the key that unlocks the channel is a state (strongly unlockable) or a channel that transforms a given input (weakly unlockable).

Our possibility result shows that every strongly unlockable channel admits a trivial one-time program in the plain quantum model, and in fact that this protocol is UC-secure. Our impossibility result shows that every channel that is not weakly unlockable does not admit a one-time program in the plain quantum model; our impossibility result holds even if we relax to an approximate case or allow computational assumptions.² As we will see, it is easy to establish that the weak and strong unlockable notions are equivalent for classical functions, but whether they are equivalent for quantum channels is an open question, which we note appears to be an interesting and deep question related to invertible subspaces of a channel.

¹ Note we use "key" not in the cryptographic sense of a secret key, but in the metaphorical sense of something that unlocks a lock.

3.1 One-time programs in the plain quantum model 

Here, we formalize some concepts relating to one-time programs in the plain quantum model. 

A protocol for a quantum one-time program in the plain model consists of a single quantum message, the program register P, from the sender to the receiver. Thus, the actions of the honest sender in such a protocol are completely characterized by an encoding channel enc : A → P that the sender applies to her portion of the joint input so as to prepare a program register for the receiver. In particular, for any joint state ρ of the input registers (A, B) the joint state of the registers (P, B) in the receiver's possession after the program register has been received is given by (enc ⊗ 1_B)(ρ). From this state we would like the receiver to be able to recover Φ(ρ). That is, there should exist a decoding channel dec : (P, B) → C for the honest receiver such that the channels dec ∘ enc and Φ are indistinguishable. A comparison of the ideal and real models for one-time programs is given in Figure 1.

Figure 1: (a) Ideal world: the receiver obtains the output of the ideal functionality for Φ on arbitrary input registers (A, B). (b) Real world: encoding and decoding maps implement the functionality, namely dec ∘ enc ≈ Φ.

By the completeness of the dummy-adversary [Unr10], it is sufficient, in order to establish UC-security, to consider only the case of the dummy-adversary who forwards the program register, P, to the environment. Thus, UC-security is established by exhibiting a simulator that can re-create a state that is indistinguishable from the joint state (enc ⊗ 1_B)(ρ) of registers (P, B), using only the ideal functionality; recall that indistinguishability is from the perspective of the environment, and could be perfect, statistical, or computational as appropriate. The corresponding channels are depicted in Figure 2. Here, the simulator (sim_1, sim_2) consists of channels sim_1 : B → (B′, M) and sim_2 : (C, M) → (P, B), where M is a private memory register for the simulator; security holds if the channels sim_2 ∘ Φ ∘ sim_1 and enc ⊗ 1_B are indistinguishable.

3.2 Trivial one-time programs for unlockable channels 

Intuitively, a one-time program for a channel means that no receiver can learn more than he could given one-shot access to an ideal functionality. However, there are certain channels where one-shot access to the ideal functionality is enough to fully simulate the map for a fixed choice of the sender's input. Such channels — which we call unlockable — effectively have trivial one-time programs, as we will see in this section.

² Although our impossibility result is stated in the UC framework, the impossibility is not an artifact of the high level of security required of UC, but seems inherent in the notion of OTPs, and the impossibility argument applied for any relaxation we attempted.

Figure 2: (a) Real world: the sender prepares the program register P by applying enc to A. The sender cannot touch B. (b) Simulator: a simulator (sim_1, sim_2) should be able to re-create an indistinguishable state of (P, B) using only the ideal functionality Φ.

Definition 3. A channel Φ : (A, B) → C is strongly unlockable if there exists a register K, a key state ψ_0 of (B, K) and a recovery algorithm (i.e., channel) Λ : (C, K, B) → C with the property that Λ ∘ Φ_0 ≈ Φ, where the channel Φ_0 is specified by

Φ_0 : A → (C, K) : X ↦ (Φ ⊗ 1_K)(X ⊗ ψ_0).

A channel Φ : (A, B) → C is weakly unlockable if there exists a register K and a key channel Ψ_0 : B → (B, K) such that the channel Φ ∘ Ψ_0 has the following property: for every choice of register E and channel Ψ′ : B → (B, E) for the receiver there exists a recovery algorithm (i.e., channel) Λ_{Ψ′} : (C, K) → (C, E) such that

Λ_{Ψ′} ∘ Φ ∘ Ψ_0 ≈ Φ ∘ Ψ′.

Here, ≈ can denote perfect, statistical, or computational indistinguishability; in all cases, the channels Φ_0, Λ, Ψ_0, and Λ_{Ψ′} must be efficient. □

See Figure 3 for diagrams representing strongly and weakly unlockable channels. 

Figure 3: (a) Strongly unlockable: for a strongly unlockable channel there exists a key state ψ_0 and a recovery algorithm Λ that allows computation of Φ(ρ) for any ρ. (b) Weakly unlockable: for a weakly unlockable channel there exists a key channel Ψ_0 such that for any channel Ψ there exists a recovery algorithm Λ_Ψ that allows computation of Φ(Ψ(ρ)) for any ρ.



It is easy to see that every strongly unlockable channel is also weakly unlockable: if ψ_0 is the key state for Φ, then the key channel Ψ_0 generates ψ_0, sends the B register of ψ_0 to the ideal functionality Φ, and outputs the K register of ψ_0 together with the B register of ρ; the recovery algorithm for a receiver channel Ψ is then Λ_Ψ = Λ ∘ Ψ.

When the channel $\Phi$ is an entirely classical mapping, the definitions of strongly unlockable and weakly unlockable are equivalent. A simplification for the classical case is as follows (we restrict to the perfect case for clarity). A classical function $f : A \times B \to C$ is unlockable if there exists a key input $b_0 \in B$ and a recovery algorithm $\Lambda : C \times B \to C$ such that, for all $a \in A$ and $b \in B$, we have that $f(a, b) = \Lambda(f(a, b_0), b)$. Intuitively, for an unlockable function, there exists an algorithm that can compute all values of $f(a, \cdot)$ given a one-time program for $f(a, \cdot)$, but this is okay, because a simulator, given one-shot oracle access to $f(a, \cdot)$, can also compute $f(a, b)$ for all $b$. This function is "learnable" in one shot, and so a simulator can do everything any algorithm can.

Simple examples of strongly unlockable channels include all unitary channels of the form $\Phi : X \mapsto UXU^*$ for some unitary $U$ and all constant channels of the form $\Phi : X \mapsto \mathrm{Tr}(X)\,\sigma$ for some fixed state $\sigma$. Simple examples of unlockable functions include permutations.
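The classical definition can be checked mechanically over a finite domain: for a candidate key input $b_0$, the pair $(f(a, b_0), b)$ must determine $f(a, b)$ for every $a$, because the recovery algorithm $\Lambda$ is not allowed to depend on $a$. The Python below is an added example, not code from the paper; the function names and the sample functions (XOR and modular addition as permutations, bitwise AND, and an equality test) are my own choices. It shows that permutations are unlockable, that AND is unlockable as well (the single query $b_0 = 1$ learns $a$ outright), and that an equality test is not: one query at $b_0$ reveals only whether $a = b_0$.

```python
from itertools import product


def is_unlockable(f, A, B):
    """Brute-force the classical unlockability definition over finite domains A and B.

    f : A x B -> C is unlockable if some key input b0 and some recovery algorithm
    Lambda : C x B -> C satisfy  f(a, b) == Lambda(f(a, b0), b)  for all a, b.
    Lambda sees only (f(a, b0), b), never a itself, so for a fixed b0 the pair
    (f(a, b0), b) must determine f(a, b) uniquely as a ranges over A.
    Returns (b0, table) where table is Lambda written out as a dict, or None.
    """
    for b0 in B:
        table = {}
        consistent = True
        for a in A:
            c0 = f(a, b0)                  # the one value a simulator may query
            for b in B:
                value = f(a, b)
                if table.setdefault((c0, b), value) != value:
                    consistent = False     # two a's collide on (c0, b) but disagree
                    break
            if not consistent:
                break
        if consistent:
            return b0, table
    return None


def recover(table, c0, b):
    """The recovery algorithm Lambda read off from the table returned above."""
    return table[(c0, b)]


def check_recovery(f, A, B):
    """Confirm f(a, b) == Lambda(f(a, b0), b) for every a, b, or return False if f is not unlockable."""
    result = is_unlockable(f, A, B)
    if result is None:
        return False
    b0, table = result
    return all(recover(table, f(a, b0), b) == f(a, b) for a, b in product(A, B))


# Constructed sample functions (not from the paper).
xor2 = lambda a, b: a ^ b                 # a permutation of B for every fixed a
add5 = lambda a, b: (a + b) % 5           # likewise a permutation
and1 = lambda a, b: a & b                 # one query at b0 = 1 reveals a
equal4 = lambda a, b: int(a == b)         # a point function: one query reveals one bit

if __name__ == "__main__":
    for name, f, A, B in [("xor2", xor2, range(4), range(4)),
                          ("add5", add5, range(5), range(5)),
                          ("and1", and1, (0, 1), (0, 1)),
                          ("equal4", equal4, range(4), range(4))]:
        print(name, "unlockable with b0 =", (is_unlockable(f, A, B) or [None])[0])
```

The returned table is exactly what the simulator in the text runs: it spends its single oracle call on $b_0$, then answers every other $b$ from the table. When `is_unlockable` returns `None`, no such simulator exists for any choice of $b_0$, which is the situation in which a one-time program would give the receiver more than one-shot access.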

We can now see that strongly unlockable channels have one-time programs; in fact, trivial 
one-time programs. 

Theorem 4. Let $\Phi : (A, B) \to C$ be a non-reactive, sender-oblivious polynomial-time quantum computable two-party functionality. Then if $\Phi$ is strongly unlockable, there exists an efficient, quantum non-interactive protocol which quantum-UC-emulates $\mathcal{F}^{\mathrm{OTP}}_\Phi$ in the plain quantum model. This holds in the perfect, statistical and computational cases.

Proof. The protocol is simple.

1. Create: The sender prepares the program register $P = (C, K)$ by preparing registers $(B', K)$ in the key state $\xi_0$ and applying $\Phi$ to $(A, B')$. In other words, the sender's encoding channel $\mathrm{enc}$ is given by $\mathrm{enc} = \Phi_0$, where $\Phi_0$ is as in the definition of strongly unlockable.

2. Execute: Because $\Phi$ is strongly unlockable, the receiver can recover the action of $\Phi = \Lambda \circ \Phi_0$ simply by applying the recovery algorithm $\Lambda$ to $(P, B)$. In other words, the receiver's decoding channel $\mathrm{dec}$ is given by $\mathrm{dec} = \Lambda$.

Clearly, because $\Phi$ is strongly unlockable, the output of the honest receiver in the real model is indistinguishable from the output of the ideal model.

According to the discussion in Section 3.1, in order to show that this protocol is secure, it suffices to exhibit a simulator that can emulate the channel $\mathrm{enc} \otimes 1_B = \Phi_0 \otimes 1_B$ using only the ideal functionality. But this is easy: the simulator can emulate $\Phi_0 \otimes 1_B$ simply by preparing registers $(B', K)$ in the key state $\xi_0$ and using the ideal functionality. Formally, the simulator $(\mathrm{sim}_1, \mathrm{sim}_2)$ is specified by $\mathrm{sim}_1 : B \to (B', K, B) : Y \mapsto \xi_0 \otimes Y$ and $\mathrm{sim}_2 = 1$, so that

$$\mathrm{sim}_2 \circ \Phi \circ \mathrm{sim}_1 : X \otimes Y \mapsto (\Phi \otimes 1_K)(X \otimes \xi_0) \otimes Y = \Phi_0(X) \otimes Y$$

as desired. (See Figure 2.) □

Theorem 4 is in the quantum model; it is not hard to see by its proof that if $\Phi$ is in fact a classical channel, then the resulting protocol $\pi$ is a purely classical protocol.

3.3 Impossibility of one-time programs for arbitrary channels 

Having seen that, in the plain model, one-time programs do exist for strongly unlockable channels, 
we now see that they do not exist for weakly unlockable channels. 

Theorem 5. Suppose $\Phi : (A, B) \to C$ is a non-reactive, sender-oblivious polynomial-time quantum computable two-party functionality, and suppose that $\Phi$ admits an efficient, non-interactive quantum protocol which quantum-UC-emulates $\mathcal{F}^{\mathrm{OTP}}_\Phi$ in the plain model. Then $\Phi$ is weakly unlockable. This holds in the perfect, statistical and computational cases.
The intuition of the proof is as follows. If a channel has a one-time program, then for any adversary there exists a simulator that can match the behaviour of the adversary. In particular, there must be a simulator that matches the behaviour of the dummy adversary that just outputs the program state: thus, there must be an algorithm that can reconstruct the program state given the output of the channel, thus allowing computation for any output, meeting the definition of a weakly unlockable channel.

Proof. Suppose $\Phi$ is as in the theorem statement. By the discussion in Section 3.1, there exists an encoding channel $\mathrm{enc} : A \to P$ for the sender and a decoding channel $\mathrm{dec} : (P, B) \to C$ for the receiver such that $\mathrm{dec} \circ \mathrm{enc}$ is indistinguishable from $\Phi$. Moreover, there exists a simulator $(\mathrm{sim}_1, \mathrm{sim}_2)$ with $\mathrm{sim}_2 \circ \Phi \circ \mathrm{sim}_1$ being indistinguishable from $\mathrm{enc} \otimes 1_B$.

We claim that $\Phi$ is weakly unlockable with key channel $\Xi_0 = \mathrm{sim}_1$ and recovery algorithm given by $\Lambda_\Psi = \mathrm{dec} \circ \Psi \circ \mathrm{sim}_2$ for any choice of $\Psi$. To this end fix a choice of $\Psi : B \to (B, E)$. The channels $\Psi$ and $\mathrm{enc}$ commute, as they act on different input registers. Thus, using $\approx$ to indicate computational, statistical, or perfect indistinguishability, depending on the scenario,

$$\Phi \circ \Psi \approx \mathrm{dec} \circ \mathrm{enc} \circ \Psi = \mathrm{dec} \circ \Psi \circ \mathrm{enc} \approx \mathrm{dec} \circ \Psi \circ \mathrm{sim}_2 \circ \Phi \circ \mathrm{sim}_1 = \Lambda_\Psi \circ \Phi \circ \Xi_0.$$

□

An alternate intuition for the impossibility result for classical functions can be found by considering rewinding. Any correct one-time program state $\rho_x$ for a classical function $f(x, \cdot)$ must result in the receiver obtaining an output state $\rho_{x,y}$ that is (almost) orthogonal in the basis in which the receiver measures it, because the measurement of $\rho_{x,y}$ results in $f(x, y)$ with (almost) certainty. As a result, measurement does not disturb the state (much), so the receiver can reverse the computation to obtain (almost) the program state again, and then rerun the computation to obtain $f(x, y')$ for a different $y'$. It is possible to give a proof of impossibility of OTPs for classical functions in the plain quantum model using this rewinding argument. Impossibility for classical functions also follows as a special case of the impossibility shown in [BCS12].

3.4 A conjecture on unlockable channels

As noted earlier, every strongly unlockable channel is also weakly unlockable. We conjecture that the converse also holds: every weakly unlockable channel is also strongly unlockable. Though we do not yet have a formal proof of this conjecture for arbitrary $\Phi$, we can nonetheless provide a high-level outline of what such a proof might look like.

Conjecture 6. Every channel $\Phi : (A, B) \to C$ that is weakly unlockable is also strongly unlockable.

Proof outline. Let $\sigma$ be any mixed state of a register $B' = B$ and consider the channel

$$\Psi_{\mathrm{dummy}} : B \to (B', B) : B \mapsto \sigma \otimes B$$

so that

$$\Phi \circ \Psi_{\mathrm{dummy}} : (A, B) \to (C, B) : A \otimes B \mapsto \Phi(A \otimes \sigma) \otimes B.$$

That is, the channel $\Psi_{\mathrm{dummy}}$ swaps out the receiver's input register $B$ with a dummy register $B'$ in state $\sigma$ before $\Phi$ is applied. By definition, the channel $\Phi \circ \Psi_{\mathrm{dummy}}$ does not touch $B$.

Let $\Xi_0, \Lambda_\Psi$ witness the weak unlockability of $\Phi$. For the choice $\Psi = \Psi_{\mathrm{dummy}}$ it holds that the channel

$$\Lambda_{\Psi_{\mathrm{dummy}}} \circ \Phi \circ \Xi_0 \approx \Phi \circ \Psi_{\mathrm{dummy}}$$

also must not touch $B$. Hence it must be that the channel $\Phi \circ \Xi_0$ is invertible on $B$.

By enlarging the key register $K$ as needed, we may assume without loss of generality that $\Xi_0$ is implemented by an isometry $S$. Thus, in order to be invertible on $B$ it must be that for each pure state $|\psi\rangle$ of $B$ the state $S|\psi\rangle$ of $(B, K)$ can be recovered after $\Phi$ acts on $B$. In other words, $\Phi$ must be invertible on the subspace $B_{\mathrm{inv}}$ of the state space of register $B$ containing the image of $\mathrm{Tr}_K(S|\psi\rangle\langle\psi|S^*)$ for every choice of $|\psi\rangle$.

Before putting $B$ through $\Phi$ an alternate key channel $\Xi_0'$ could coherently swap out the subspace $B_{\mathrm{inv}}$ with some portion of the key register $K$ in any fixed state $\xi$. Then, after receiving $C$ from $\Phi$, the alternate recovery algorithm $\Lambda'$ could perform the inversion operation to recover $\xi$, swap this state back into the key register, and then perform the inverse of the inversion operation on $S|\psi\rangle$ so as to apply $\Phi$ to this state. These modifications yield the desired simulator. □

For the proof of the conjecture to go through, we need the invertibility of $\Phi$ on the aforementioned subspace $B_{\mathrm{inv}}$ to hold. It appears, then, that we have stumbled upon an interesting and deep question relating to the invertible subspaces of a channel, akin to the "decoherence-free" subspaces studied in the literature on quantum error correction.

4 Constructing quantum OTPs from OTMs 

We now state our main possibility theorem which establishes non-interactive unconditionally secure 
quantum computation using OTM tokens. 

Theorem 7. Let $\Phi$ be a non-reactive, sender-oblivious polynomial-time quantum computable two-party functionality. Then there exists an efficient, quantum non-interactive protocol which statistically quantum-UC-emulates $\mathcal{F}^{\mathrm{OTP}}_\Phi$ in the case of a corrupt receiver, in the $\mathcal{F}^{\mathrm{OTM}}$-hybrid model.

The proof of Theorem 7 follows directly from Theorem 8 below, together with Corollary 2.1, 
the quantum lifting theorem as well as Lemma 1. 

Theorem 8. Let $\Phi$ be a non-reactive, sender-oblivious polynomial-time quantum computable two-party functionality. Then there exists an efficient, statistically quantum-UC-secure non-interactive protocol which realizes $\mathcal{F}^{\mathrm{OTP}}_\Phi$ in the case of a corrupt receiver, in the hybrid model given by the ideal functionality for bounded reactive classical one-time programs.

The proof of Theorem 8 is presented in the following sections, which we briefly highlight here; a detailed outline follows in the next section.

1. Section 5 presents our new trap authentication scheme, a type of quantum authentication code. We show how to perform a universal set of quantum gates ($X$, $Y$, $Z$, CNOT, the $i$-shift and $\pi/8$ phases, and $H$) on authenticated data without knowing the authentication key.

2. Section 6 presents our protocol for quantum one-time programs and the proof of its security. Since computation on authenticated data requires updates to be performed that are dependent on the authentication key, our protocol uses a reactive classical one-time program (based on one-time memories) to allow the receiver to non-interactively implement the required operations to correctly compute on the sender's authenticated data.

The following sections 4.1-4.5 provide an overview of the proof and related techniques.
4.1 Quantum authentication codes

A quantum authentication scheme consists of procedures for encoding and decoding quantum information with a secret classical key $k$ such that an adversary with no knowledge of $k$ who tampers with encoded data will be detected with high probability. Quantum authentication codes were first introduced by Barnum, Crépeau, Gottesman, Smith and Tapp [BCG+02].

Some of the known quantum authentication schemes have the following general form. Quantum information is encoded according to some quantum error detecting code $E$ chosen uniformly at random from a special family $\mathcal{E}$ of codes. The encoded quantum data is then encrypted according to the quantum one-time pad, meaning that a uniformly random Pauli operation $P$ is applied to the data encoded under $E$. The secret classical key for schemes of this form is the pair $(E, P)$ describing the choice of code $E$ and encryption Pauli $P$. Authenticated quantum data is later verified by decrypting according to $P$ and then decoding according to $E$. Verification passes only if the error syndrome for $E$ indicates no errors. Terminology: In this paper authentication schemes of this form are called encode-encrypt schemes.

This construction is desirable due to the remarkable property (known as the Pauli twirl [DCEL09]) that the Pauli encryption serves to render any attack on the scheme equivalent to a probabilistic Pauli attack on data encoded with a random code $E \in \mathcal{E}$. Thus, to establish a secure authentication scheme one need only construct a family of quantum error detecting codes that detect Pauli attacks with high probability over the choice of $E \in \mathcal{E}$.

Our new trap authentication scheme falls in this family of codes. The family of codes $\mathcal{E}$ is based on any quantum error detecting code $C$ with distance $d$ that encodes a single qubit into $n$ qubits. Authentication consists of first encoding a qubit under $C$ and then appending $n$ qubits set to $|0\rangle$ and $n$ qubits set to $|+\rangle$. A random permutation (indexed by a classical key) is then applied. The first use of this code was implicit in the Shor-Preskill security proof for quantum key distribution [SP00] (see also [BFK09]).

4.2 Computing on authenticated data 

At a high level, our main protocol uses quantum authentication codes in order to protect the data 
from any tampering by the receiver during the computation. An authentication code is insufficient, 
however, because we want to implement a channel on this authenticated data, as specified by a 
quantum circuit. For this, we use techniques for quantum computing on authenticated data, as 
first established for the signed polynomial code [BOCG^06] (see also [ABOEIO]), and recently 
(and independently of our work), for the Clifford authentication code [DNS12]. More specifically, 
computing on authenticated data allows acting on the encoded registers in order to implement 
a known gate, but without knowledge of the key. Normally, any non-identity operation would 
invalidate the authenticated state, but our encoded operations, together with a key update operation, 
effectively forces the application of the desired gate, as otherwise the state would fail verification 
under the updated key. 

Encoded gates are executed in a manner similar to encoded gates in fault-tolerant quantum 
computation: some gates (such as Pauli gates or the controlled-not gate) are transversal, while other 
(such as the vr/S gate) require both an auxiliary register and classical interaction with an entity 
who knows the encoding keys. This classical interaction makes our quantum one-time program 
"interactive", but only at a classical level. Thus, by extending classical one-time programs to reactive 
functionalities, we manage to encapsulate this interaction into a classical one-time program. 
Comparison with other methods of computing on authenticated data. Although methods for computing on authenticated data were developed prior to our work, we believe that the simplicity of our trap scheme is an advantage. For example, whereas the trap scheme is defined for qubits, the signed polynomial scheme of Ben-Or et al. [BOCG+06] acts on $d$-dimensional qudits with $d$ dictating the security of the scheme. By necessity, the universal gate set $U_d$ for the polynomial scheme is different for each $d$. In order to use the polynomial scheme for computation on qubits, one must first embed the desired qubit computation into a qudit computation. (For example, a naive approach is to simply embed one qubit into each qudit and use only the first two dimensions.) However this embedding is chosen, one must demonstrate that gates in the original qubit computation can be implemented efficiently using gates from $U_d$. Normally, an efficient transition between universal gate sets is implied by the Solovay-Kitaev algorithm, but this technique scales poorly with $d$ and so cannot be used for this purpose for large $d$. (See Dawson and Nielsen [DN06] and the references therein.) Although we fully expect such an embedding to admit an efficient implementation, it appears that the issue has not been addressed in the literature.

Compared with the gate implementations in the recent Clifford scheme of Dupuis et al. [DNS12], our trap scheme is less complex and requires less communication between the sender and the receiver (the Clifford scheme requires communication for all circuit elements).

4.3 Gate teleportation 

The main outline of our protocol is now becoming clearer: the receiver executes the encoded 
circuit, using techniques for computing on authenticated data. But how does the receiver get the 
authenticated version of her data in the first place? And how does the receiver get the decoded 
output? We resolve this by using encoding and decoding gadgets that are inspired by the gate 
teleportation technique of Gottesman and Chuang [GC99]. In this technique, a quantum register 
undergoes a transformation by a quantum circuit via its teleportation through a special entangled 
state. In our case, encoding is performed by teleporting the input qubit through an EPR pair, 
half of which has itself undergone the encoding operation. By revealing the classical result of the 
teleportation, the authentication key for the output of this process is determined. Decoding is 
similar. The encoding and decoding gadgets are prepared by the sender as part of the quantum 
one-time program. 

4.4 Overview of protocol 

Given the tools and techniques described above, the structure of our protocol is as follows (although we suggest the use of the trap authentication scheme, the protocol and proof are applicable to any encode-encrypt quantum authentication scheme that admits computing on authenticated data).

1. The sender gives the receiver an authenticated version of the sender's input, together with 
auxiliary states required for evaluating the target circuit. The sender also prepares encoding 
and decoding gadgets. 

2. The sender gives the receiver a bounded reactive classical one-time program that emulates the 
classical interaction that would occur when using the encoding and decoding gadgets, as well as 
for computing on authenticated data. 

3. The receiver uses the encoding gadget to encode his input; he then performs the target circuit 
on the authenticated data by performing encoded gates. Finally, he decodes the output using 
the decoding gadget. All classical interaction is done via the classical one-time program. 
As a proof technique, we specify that the target circuit be given as a controlled-unitary, with the control set to 1, for a reason described in the simulation sketch below.

4.5 Overview of simulator for proof 

In order to prove UC security, we must establish that every real-world adversary has an ideal- 
world simulator. This is done via a rigorous mathematical analysis of any arbitrary attack; the 
exposition of our proof is aided by a table representation we have developed for pure quantum 
states (see Section C.2). The simulator prepares a quantum one-time program as in Section 4.4, 
with the following modifications: 

1. The encoding gadget is split into two halves. The first half is a simple EPR pair, used to extract 
the input from the adversary; the second half is an encoding gadget, used to insert the output 
of the ideal functionality into the computation. 

2. The control-bit for the controlled-unitary is 0. 

3. The encoded input is a dummy encoded input. 

The simulator then executes the adversary on this "quantum one-time program". After the use 
of the encoding gadget, the receiver's input is determined and this is used as input into the ideal 
functionality. The output of the ideal functionality is then returned into the computation via 
the encoding gadget. Because the control bit is set to 0, the computation actually performs the 
identity. When the adversary is honest, the output will therefore be correct. For any behaviour of 
the adversary, our analysis shows that the ideal and real worlds are indistinguishable. The simulator 
thus indistinguishably emulates the real- world behaviour of any adversary with just a single call to 
the ideal functionality, which establishes UC security. 

5 The trap authentication scheme 

In this section we introduce the trap authentication scheme, which is an example of an encode-encrypt scheme as described in Section 4.1. We show how to implement gates from a universal set on data authenticated under this scheme (including measurement in the standard basis), from which it follows that the trap scheme admits QCAD.

5.1 Definitions and notation 

In this paper we assume that a quantum error correcting code is specified by a unitary operation $E$ that can be implemented by a circuit consisting entirely of Clifford gates. A data register $D$ is encoded under code $E$ by preparing two syndrome registers $(X, Z)$ in the $|0\rangle$ state and applying $E$ to $(D, X, Z)$. Data is decoded by applying the inverse circuit $E^*$ and measuring the syndrome registers $(X, Z)$ in the computational basis. Any non-zero syndrome measurement result indicates an error (or that cheating has been detected, depending on the context). These assumptions are met, for example, by every stabilizer code. In order to minimize the number of symbols for distinct quantum registers we adopt the convention that the tilde $\tilde{\ }$ denotes an encoded register. For example, the encoded register $\tilde{D}$ consists of a data portion $D$ plus two syndrome registers $X, Z$ and can be viewed as the triple $\tilde{D} = (D, X, Z)$.

Let $E$ be a code for some data register $D$ and let $Q$ be any Pauli acting on $\tilde{D}$. As $E$ is a Clifford circuit there must be a Pauli $Q_E$ acting on $\tilde{D}$ with $QE = EQ_E$.
Definition 9. A family $\mathcal{E}$ is said to be $\varepsilon$-secure against Pauli attacks if for each fixed choice of Pauli $Q$ acting on $\tilde{D}$ it holds that the probability (taken over a uniformly random choice of code $E \in \mathcal{E}$) that $Q_E$ acts nontrivially on logical data and yet has no error syndrome is at most $\varepsilon$. □

Formally defining the security of an authentication scheme is tricky work. (See Barnum et al. [BCG+02] for a discussion of definitional issues.) Fortunately, the task becomes much easier if we restrict attention to the encode-encrypt schemes described in Section 4.1. This happy state of affairs is a consequence of the fact that an arbitrary attack on data authenticated under an encode-encrypt scheme is equivalent to a probabilistic mixture of Pauli attacks. (See below for further discussion.) Thus, an encode-encrypt scheme is $\varepsilon$-secure against arbitrary attacks if and only if the underlying family $\mathcal{E}$ of codes is $\varepsilon$-secure against Pauli attacks.

5.2 Properties of every encode-encrypt authentication scheme 

Before introducing the trap scheme we review some facts about encode-encrypt authentication schemes as described in Section 4.1. These facts were largely known to the community prior to the present work and hence a full discussion is relegated to Appendix B. Our purpose in this paper is to collect these facts in one convenient place and to present them in a way that is amenable to a discussion of QCAD. In Appendix B we formalize and prove the following facts:

1. Any family S of codes that is e-secure against Pauli attacks immediately induces an e-secure 
encode-encrypt scheme via the construction described in Section 4.1. 

2. If the codes in S are CSS codes then measurement of logical data in the computational basis 
can be implemented by bitwise measurement of authenticated data followed by a classical 
decoding process in order to determine the measurement result. 

3. The measure-then-decode procedure of property 2 is equivalent to a decode-then-measure procedure in which the register $\tilde{D}$ is first de-authenticated and then the logical register $D$ is measured in the computational basis. In this procedure, the $X$-syndrome register is also measured in the computational basis so as to check for errors, but the $Z$-syndrome register is simply discarded without any verification.

4. For any encode-encrypt scheme thus constructed, the measure-then-decode procedure (or 
equivalently, the decode-then-measure procedure) of property 2 is also e-secure against arbi- 
trary attacks. 

5. In any encode-encrypt scheme the code key E can be re-used to authenticate multiple distinct 
data registers, provided that each new register gets its own fresh Pauli key P. 

The proof of property 5 is easy enough that we can give it immediately. As noted in Section 4.1 (and established in the proof of property 1 in Appendix B), the Pauli encryption serves to render any attack on an encode-encrypt scheme equivalent to a probabilistic mixture of Pauli attacks. By definition a Pauli attack is a product attack on each physical qubit in the authenticated registers, so security against attacks on one register implies security against attacks on all registers. This observation was originally made in the analysis of the polynomial authentication scheme [BOCG+06]. (See Ref. [ABOE10] for a slightly more detailed discussion.)

5.3 Trap codes yield a secure authentication scheme 

In this section we describe a method by which any code $E$ with distance $d$ can be used to construct a family $\mathcal{E}$ of codes that is $(2/3)^{d/2}$-secure against Pauli attacks. Codes of this form shall be called trap codes. It follows immediately from the discussion of Section 5.2 that trap codes yield a secure authentication scheme via the encode-encrypt construction of Section 4.1. This authentication scheme shall be called the trap scheme.

Furthermore, if the underlying code E is a CSS code then so is every member of the associated 
family of trap codes. In this case it follows from the discussion of Section 5.2 that measurement 
of logical data in the computational basis can be implemented securely by bitwise measurement of 
physical data plus classical decoding. 

For convenience we restrict attention to codes that encode one logical qubit into $n$ physical qubits. (These are called $[[n, 1, d]]$-codes.) Given such a code, each member of the associated family $\mathcal{E}$ of trap codes is a $[[3n, 1, d]]$ code that is uniquely specified by a permutation $\pi$ of $3n$ elements. In particular, for each $\pi$ we construct a Clifford encoding circuit $E_\pi$ as follows.

1. Encode the data qubit $D$ under $E$, producing an $n$-qubit system $(D, X, Z)$.

2. Introduce two new $n$-qubit syndrome registers $X', Z'$ in states $|0\rangle^{\otimes n}$, $|+\rangle^{\otimes n}$, respectively.

3. Permute all $3n$ qubits of $(D, X, Z, X', Z')$ according to $\pi$.

The $X$- and $Z$-syndrome registers for the code $E_\pi$ are $(X, X')$ and $(Z, Z')$, respectively, so that $\tilde{D} = (D, (X, X'), (Z, Z'))$. Security of this family against Pauli attacks is easy to prove.

Proposition 10 (Security of trap codes against Pauli attacks). The family $\mathcal{E}$ of trap codes based on a code of distance $d$ is $(2/3)^{d/2}$-secure against Pauli attacks.

Remark. The bound in Proposition 10 is quite weak and can probably be strengthened sig- 
nificantly by a tighter analysis. All that really matters is that the security parameter decreases 
exponentially in d. 

Proof. Let $Q$ be a $3n$-qubit Pauli. In order for $Q$ to act nontrivially on logical data it must have weight $w \geq d$, owing to the fact that the underlying code $E$ has distance $d$. In this case $Q$ must distribute $w$ non-identity qubit Pauli operations over the $3n$ qubits without triggering any of the traps. Let us bound the probability of such an event.

In order to have weight $w$ the Pauli $Q$ must specify either an $X$-Pauli on at least $w/2$ qubits or a $Z$-Pauli on at least $w/2$ qubits. We analyze only the first case; a similar analysis applies to the second case. If any of these qubits belong to the register $X'$ then $Q$ will be detected as an error. Thus, to avoid detection all $w/2$ of these qubits must not belong to $X'$ — a sample-without-replacement event whose probability of success is bounded by the probability of a successful sample-with-replacement event. The probability of success in any one sample is at most $2/3$ and so the probability of $w/2$ successful samples with replacement is at most $(2/3)^{w/2}$. □
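The counting argument in this proof can be carried out exactly. The Python below is an added example, not the paper's code: it lays out the $3n$ physical qubits as (data, $X'$ traps, $Z'$ traps) before the secret permutation, checks whether a given Pauli string fires any trap, computes the exact probability over a uniformly random permutation that no trap fires (a $Y$ counts as both an $X$ and a $Z$ component), estimates the same quantity by sampling permutations, and compares both against the $(2/3)^{w/2}$ bound of Proposition 10. Avoiding every trap is only a necessary condition for an undetected nontrivial attack (the underlying code's syndrome must also be clean), so the exact value computed here upper-bounds the quantity the proposition bounds. The layout convention and the function names are assumptions of this example.

```python
from fractions import Fraction
from math import comb
import random

# Layout convention of this example (not the paper's), before the secret permutation:
#   layout indices 0..n-1    : the n qubits (D, X, Z) of the underlying [[n,1,d]] code
#   layout indices n..2n-1   : the X' traps, prepared as |0>  (an X or Y on one is seen in a Z-basis measurement)
#   layout indices 2n..3n-1  : the Z' traps, prepared as |+>  (a Z or Y on one is seen in an X-basis measurement)
# perm[l] is the physical position at which layout index l ends up; the attacker's
# Pauli string is indexed by physical position, since that is all the attacker sees.


def traps_triggered(pauli, perm, n):
    """True if the Pauli attack `pauli` (one of I, X, Y, Z per physical qubit) flips a trap."""
    assert len(pauli) == 3 * n and sorted(perm) == list(range(3 * n))
    for l in range(n, 2 * n):            # X' traps catch any X component
        if pauli[perm[l]] in "XY":
            return True
    for l in range(2 * n, 3 * n):        # Z' traps catch any Z component
        if pauli[perm[l]] in "ZY":
            return True
    return False


def undetected_probability(pauli, n):
    """Exact probability, over a uniformly random permutation, that no trap fires.

    Every Y must land in the data block, every pure X must avoid the X' block and
    every pure Z must avoid the Z' block.  Count the admissible ways of assigning
    the 3n positions to the three blocks of size n and divide by the total count.
    """
    assert len(pauli) == 3 * n
    a, b, c, m = (pauli.count(ch) for ch in "XZYI")
    assert a + b + c + m == 3 * n, "pauli must use only I, X, Y, Z"
    admissible = 0
    for i in range(a + 1):               # pure X's placed in the data block
        for j in range(b + 1):           # pure Z's placed in the data block
            k = n - c - i - j            # identities needed to fill the data block
            x_fill = n - (b - j)         # identities needed to fill the X' block
            if k < 0 or x_fill < 0 or k + x_fill > m:
                continue
            # the remaining m - k - x_fill identities fill the Z' block
            admissible += comb(a, i) * comb(b, j) * comb(m, k) * comb(m - k, x_fill)
    total = comb(3 * n, n) * comb(2 * n, n)
    return Fraction(admissible, total)


def estimate_undetected(pauli, n, trials=20000, seed=1):
    """Monte Carlo estimate of undetected_probability by sampling random permutations."""
    rng = random.Random(seed)
    perm = list(range(3 * n))
    misses = 0
    for _ in range(trials):
        rng.shuffle(perm)
        if not traps_triggered(pauli, perm, n):
            misses += 1
    return misses / trials


def weight(pauli):
    return sum(ch != "I" for ch in pauli)


def proposition_10_bound(pauli):
    """The (2/3)^(w/2) bound from the proof, with w the weight of the attack."""
    return (2 / 3) ** (weight(pauli) / 2)


def within_bound(pauli, n):
    return float(undetected_probability(pauli, n)) <= proposition_10_bound(pauli)


if __name__ == "__main__":
    # Constructed attacks on a trap code built from a 7-qubit code (3n = 21 physical qubits).
    for attack in ("XXX" + "I" * 18, "YYY" + "I" * 18, "XZXZ" + "I" * 17):
        exact = undetected_probability(attack, 7)
        print(attack[:4], float(exact), estimate_undetected(attack, 7), proposition_10_bound(attack))
```

For a weight-3 all-$X$ attack on the 21-qubit layout the exact value is $(14/21)(13/20)(12/19) = 26/95 \approx 0.274$, the sample-without-replacement product the proof mentions, comfortably below the with-replacement bound $(2/3)^{3/2} \approx 0.544$. An attack made of $Y$'s is caught far more often, since each $Y$ must avoid both trap blocks.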

5.4 Performing Gates on the Trap Code 

Authentication schemes that also allow for the implementation of a universal set of quantum gates 
on authenticated data without knowing the key hold great promise for a host of cryptographic 
applications. In this section, we exhibit a universal gate set together with implementations of each 
gate in that set for the trap scheme. As discussed in Section 4.2, these techniques are used in our 
quantum one-time programs. 

Let us be more explicit about what it means to apply gates to authenticated quantum data without knowing the key. It is helpful to think of two parties: a trusted verifier who prepares authenticated data with secret classical key $k$ and a malicious attacker who is to act upon the authenticated data without knowledge of $k$. The goal is to construct an authentication scheme with the property that for each gate $G$ belonging to some universal set of gates there exists a gadget circuit $\tilde{G}$ that the attacker can perform on authenticated data so as to implement a logical $G$. Furthermore, we require that the gadget $\tilde{G}$ be independent of the choice of classical key $k$ so that it may be implemented by an attacker without knowledge of $k$.

Normally, any non-identity gadget $\tilde{G}$ would invalidate the authenticated state. We therefore require a scheme which allows the verifier to validate the state again simply by updating the classical key $k \mapsto k'$. Moreover, by updating the key in this way the verifier effectively forces the attacker to apply the desired gadget $\tilde{G}$, as otherwise the state would fail verification under the updated key $k'$.

Some gadgets are quite simple. For example, we shall soon see that the gadget for a logical 
controlled-NOT in the trap scheme is simply a bitwise controlled-NOT applied to the physical 
qubits in the authenticated registers. Other gadgets, however, are more complicated, owing partly 
to the fact that there is no quantum error detecting code that admits bitwise implementation of 
every gate in a universal gate set. 

Following the example of the polynomial scheme of Ben-Or et al. [BOCG+06], we borrow from the study of fault-tolerant quantum computation to complete a universal gate set by means of so-called "magic states". A magic state gadget for a logical gate $G$ is a circuit that takes an additional (authenticated) ancillary register as input, performs a measurement, and then performs a correction based on the result of that measurement. A magic state gadget for $G$ works only when the ancillae are prepared in a special (authenticated) magic state tailored specifically for the gate $G$. (For example, Ben-Or et al. exhibited a magic state and associated gadget for the generalized Toffoli gate under the polynomial scheme [BOCG+06].) Thus, implementation of a universal gate set on authenticated data requires the ability to prepare authenticated magic states and the ability to measure authenticated qubits in the computational basis.

5.5 A universal gate set for the trap scheme 

In Section 5.3 we stipulated that a trap scheme can be constructed from any underlying code $E$ chosen from a large class of codes. We also noted that if $E$ is a CSS code then so are its associated trap codes, from which it follows that measurement of logical data can be implemented by a simple bitwise measurement of authenticated data.

In addition to being a CSS code, our implementation of a universal gate set for the trap scheme requires an underlying code $E$ for which a logical Hadamard gate $H$ is implemented by bitwise $H$ on each physical qubit. CSS codes with this property are sometimes called self-dual CSS codes. The seven-qubit Steane code is one example of a self-dual CSS code that suffices for this purpose. Specifically, it follows from Proposition 10 that if our trap scheme is to have security $(2/3)^{d/2}$ then it suffices to base the trap scheme upon the Steane code nested a sufficient number of levels so as to achieve distance $d$.

Our universal gate set consists of the following gates, listed in the order they are presented in the following subsections.

1. The standard single-qubit Pauli gates, denoted $X, Y, Z$.

2. The standard two-qubit controlled-NOT gate, denoted CNOT.

3. The single-qubit $i$-shift phase gate, denoted $K$ and specified by $K : |a\rangle \mapsto i^a |a\rangle$ for $a \in \{0, 1\}$.

4. The single-qubit $\pi/8$-phase gate, denoted $T$ and specified by $T : |a\rangle \mapsto e^{i\pi a/4} |a\rangle$ for $a \in \{0, 1\}$.

5. The standard single-qubit Hadamard gate, denoted $H$.

This gate set is redundant in the sense that only $\{\mathrm{CNOT}, H, T\}$ are required to achieve universality. Indeed, $T^2 = K$ and $K^2 = Z$, so why bother listing these extra gates? The answer is that the gadgets for the Pauli and controlled-NOT gates are very simple. By contrast, the gadget for $K$ is a magic state gadget that requires CNOT and $Y$, and the gadget for $T$ is a magic state gadget that requires CNOT, $X$, and $K$. Thus, in order to get a $T$ gate we must "bootstrap" our way up from Pauli gates, CNOT, and $K$. (If an application calls for only Clifford circuits on authenticated data then the $T$ gate construction can be ignored, as $\{\mathrm{CNOT}, H, K\}$ suffice to generate the Clifford circuits.)

5.5.1 Pauli gates 

The gadgets for each Pauli gate $X, Y, Z$ are empty. As with the polynomial scheme [BOCG+06], in order to implement a logical Pauli gate in the trap scheme the attacker does absolutely nothing to the authenticated register and the verifier simply updates the Pauli key according to the desired Pauli gate.

In particular, logical Paulis for the seven-qubit Steane code admit straightforward bitwise implementations. Thus, the verifier can implement a logical Pauli $Q$ in the trap scheme by modifying the Pauli key according to $P \mapsto P\,(Q \otimes \cdots \otimes Q)$, where the bitwise $Q \otimes \cdots \otimes Q$ is applied to registers $(D, X, Z)$, leaving the Pauli key for the trap registers $X', Z'$ unchanged.

5.5.2 The controlled-NOT gate 

The gadget for a controlled-NOT from logical qubit $a$ to logical qubit $b$ is a straightforward bitwise CNOT applied from each physical qubit of $a$ to its corresponding physical qubit in $b$.

To see that this simple bitwise gadget implements logical cnot recall that every CSS code 
(including the Steane code) admits a bitwise implementation of logical cnot. Moreover, the cnot 
applied bitwise to the trap registers acts trivially on those registers: 

$\mathrm{CNOT} : |0\rangle|0\rangle \mapsto |0\rangle|0\rangle$

Finally, observe that bitwise cnot is invariant under permutation of the physical qubits provided 
that both data blocks are subjected to the same permutation. (See Section 5.6.1 for further discus- 
sion.) 

The Pauli key is updated according to the well-known effect of CNOT on Pauli operations. In particular, if the Pauli keys for the $i$th physical qubit from both data blocks are $X^a Z^b$, $X^c Z^d$, respectively, then the updated Pauli keys for these physical qubits are $X^a Z^{b+d}$, $X^{a+c} Z^d$ (exponents taken modulo 2).

5.5.3 The i-shift gate 

Readers familiar with the Steane code know that a bitwise $K$ gate applied to each physical qubit implements $K^*$ on logical data. At first glance one might therefore hope that the $K$ gate, like CNOT, admits a simple bitwise gadget under the trap scheme. Unfortunately, trap codes do not admit bitwise implementation of the $K$ gate even if the underlying code does admit such an implementation. Bitwise implementation fails for trap codes because the trap qubits prepared in state $|+\rangle$ are mapped by $K$ to $K|+\rangle = |0\rangle + i|1\rangle$. A trap qubit in this state is detected as a $Z$-error with probability $1/2$.

Instead we require a more complicated magic state gadget for $K$ that uses only Pauli and CNOT gates together with measurement in the computational basis. Our gadget is a simple modification of the well-known fault-tolerant construction for the $\pi/8$-gate of Boykin et al. [BMP+00]. The logical gadget for the $K$ gate is depicted as follows.

[Circuit (1): the magic state $|0\rangle + i|1\rangle$ and the data qubit $|\psi\rangle$ enter a CNOT; a computational-basis measurement then determines whether a $Y$ correction is applied, and the output is $K|\psi\rangle$.] (1)

Here $|\psi\rangle$ denotes the arbitrary state of the data qubit; the magic state for this gadget is $|0\rangle + i|1\rangle$. The physical gadget to be implemented by the attacker on authenticated data is derived from the above logical gadget by replacing the input qubits with authenticated registers and by replacing the logical CNOT, $Y$, and measurement with their respective physical gadgets.

Once the authenticated magic state has been prepared, all the gates in this gadget except the measurement can be implemented solely by the attacker. The verifier's knowledge of the secret key is required in order to decode the measurement result, which indicates whether a $Y$ correction is needed.

Since $Y$ is a Pauli gate and since Pauli gates require no action from the attacker, this gadget can be implemented with only one-way classical interaction from attacker to verifier. In particular, the attacker implements the measurement by bitwise measurement of physical data as described in Section 5.2. The verifier decodes the measurement result (and checks for tampering in the process) and then implements the $Y$ correction (if it is needed) simply by updating the Pauli key for that qubit as described in Section 5.5.1.

5.5.4 The $\pi/8$-phase gate

The gadget for the $T$ gate is a magic state gadget that is very similar to the magic state gadget for the $K$ gate described in Section 5.5.3, and consequently much of the discussion from that section applies here. The original fault-tolerant construction due to Boykin et al. [BMP+00] can be used verbatim as the logical gadget for the $T$ gate in the trap scheme. Their construction is reproduced below. The magic state for this gadget is $|0\rangle + e^{i\pi/4}|1\rangle$.

Whereas the gadget for $K$ presented in Section 5.5.3 specified only a Pauli $Y$ correction, the correction required in the $T$ gadget is the Clifford gate $KX$. Two-way communication between verifier and attacker is required to implement this gadget because the verifier must inform the attacker as to whether to apply a $K$ gate. Naturally, this $K$ gate, if it is required, is achieved via the magic state gadget presented in Section 5.5.3, which requires a separate magic state of its own.

Since $K$ is not a Pauli gate, subsequent computation on authenticated quantum data cannot proceed until the correction is applied (if it is needed). Thus, the verifier must decode the classical measurement result and reply immediately to the attacker with instructions as to whether a correction is required.
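The claims of Sections 5.5.2 through 5.5.4 can be checked on plain statevectors. The script below is an added example and is not code from the paper or its authors: it verifies the Pauli-key update rule of Section 5.5.2 for all sixteen pairs of single-qubit keys, simulates both measurement branches of the magic state gadgets for $K$ and $T$ (confirming that the $Y$ correction, respectively the $KX$ correction, recovers $K|\psi\rangle$, respectively $T|\psi\rangle$, and that each outcome occurs with probability $1/2$, the $2^{-r/2}$ factor of Section 6.1.1 with $r = 1$), and computes the probability with which a bitwise $K$ or $H$ drives a trap qubit into a detectable error state, as stated in Sections 5.5.3 and 5.5.5. The gadget wiring (magic state as CNOT control, data qubit as target, correction applied to the magic-state wire) is the standard Boykin et al. layout and is an assumption here, since the circuit figures are not reproduced on this page; the sample data state `psi` is constructed.

```python
"""Added example (not from the paper): Pauli-key tracking under CNOT, the K and T
magic state gadgets, and trap-qubit detection probabilities on plain statevectors."""
import cmath
import math

# Standard single-qubit gates as 2x2 nested lists.
I2 = [[1, 0], [0, 1]]
X = [[0, 1], [1, 0]]
Y = [[0, -1j], [1j, 0]]
Z = [[1, 0], [0, -1]]
H = [[1 / math.sqrt(2), 1 / math.sqrt(2)], [1 / math.sqrt(2), -1 / math.sqrt(2)]]

def phase_gate(theta):
    """diag(1, e^{i theta}): theta = pi/2 is the K gate, theta = pi/4 is the T gate."""
    return [[1, 0], [0, cmath.exp(1j * theta)]]

K_THETA, T_THETA = math.pi / 2, math.pi / 4
K, T = phase_gate(K_THETA), phase_gate(T_THETA)

# CNOT with qubit 0 as control and qubit 1 as target (kron ordering).
CNOT = [[1, 0, 0, 0], [0, 1, 0, 0], [0, 0, 0, 1], [0, 0, 1, 0]]

def matmul(A, B):
    return [[sum(A[i][k] * B[k][j] for k in range(len(B))) for j in range(len(B[0]))]
            for i in range(len(A))]

def dagger(A):
    return [[complex(A[j][i]).conjugate() for j in range(len(A))] for i in range(len(A[0]))]

def kron(A, B):
    rB, cB = len(B), len(B[0])
    return [[A[i // rB][j // cB] * B[i % rB][j % cB] for j in range(len(A[0]) * cB)]
            for i in range(len(A) * rB)]

def apply(A, v):
    return [sum(A[i][k] * v[k] for k in range(len(v))) for i in range(len(A))]

def equal_up_to_phase(A, B, tol=1e-9):
    """True if A = e^{i phi} B for some global phase phi (A, B vectors or matrices)."""
    a = [x for row in A for x in row] if isinstance(A[0], list) else list(A)
    b = [x for row in B for x in row] if isinstance(B[0], list) else list(B)
    k = max(range(len(b)), key=lambda i: abs(b[i]))
    if abs(b[k]) < tol:
        return all(abs(x) < tol for x in a)
    phi = a[k] / b[k]
    return abs(abs(phi) - 1) < tol and all(abs(x - phi * y) < tol for x, y in zip(a, b))

def pauli(a, b):
    """One-qubit Pauli key component X^a Z^b."""
    return matmul(X if a else I2, Z if b else I2)

def cnot_key_update_holds():
    """Section 5.5.2: keys X^a Z^b (control) and X^c Z^d (target) become
    X^a Z^{b+d} and X^{a+c} Z^d after a bitwise CNOT; checked for all 16 key pairs."""
    for a, b, c, d in [(i >> 3 & 1, i >> 2 & 1, i >> 1 & 1, i & 1) for i in range(16)]:
        before = kron(pauli(a, b), pauli(c, d))
        conjugated = matmul(matmul(CNOT, before), dagger(CNOT))
        predicted = kron(pauli(a, b ^ d), pauli(a ^ c, d))
        if not equal_up_to_phase(conjugated, predicted):
            return False
    return True

def correction_gate(theta):
    """Clifford correction for measurement outcome 1: X followed by diag(1, e^{2 i theta}).
    For the K gadget (theta = pi/2) this is Y up to a phase; for the T gadget it is KX."""
    return matmul(phase_gate(2 * theta), X)

def run_gadget(theta, psi, outcome):
    """One branch of the magic state gadget (assumed wiring: magic state
    (|0> + e^{i theta}|1>)/sqrt2 is the CNOT control, data |psi> the target, and the
    data qubit is then measured). Returns the unnormalised corrected state on the magic wire."""
    magic = [1 / math.sqrt(2), cmath.exp(1j * theta) / math.sqrt(2)]
    joint = apply(CNOT, [m * p for m in magic for p in psi])   # |magic> kron |psi>
    branch = [joint[2 * m + outcome] for m in (0, 1)]           # project data qubit on |outcome>
    return apply(correction_gate(theta), branch) if outcome else branch

def gadget_is_correct(theta, psi):
    """Each outcome has probability 1/2 and, after correction, yields phase_gate(theta)|psi>."""
    target = apply(phase_gate(theta), psi)
    for outcome in (0, 1):
        out = run_gadget(theta, psi, outcome)
        prob = sum(abs(x) ** 2 for x in out)
        if abs(prob - 0.5) > 1e-9:
            return False
        if not equal_up_to_phase([x / math.sqrt(prob) for x in out], target):
            return False
    return True

def trap_error_probabilities(gate):
    """Probability that bitwise `gate` makes a |0> trap read as an X-error (outcome 1 in
    the Z basis) and a |+> trap read as a Z-error (outcome |-> in the X basis)."""
    s = 1 / math.sqrt(2)
    g_zero, g_plus = apply(gate, [1, 0]), apply(gate, [s, s])
    p_x = abs(g_zero[1]) ** 2
    p_z = abs(s * g_plus[0] - s * g_plus[1]) ** 2   # |<-|gate|+>|^2
    return round(p_x, 9), round(p_z, 9)

if __name__ == "__main__":
    psi = [0.6, 0.8j]   # constructed sample data state (normalised)
    print("CNOT key rule holds:", cnot_key_update_holds())
    print("K gadget correct:", gadget_is_correct(K_THETA, psi))
    print("T gadget correct:", gadget_is_correct(T_THETA, psi))
    print("trap error probabilities under bitwise K, H:",
          trap_error_probabilities(K), trap_error_probabilities(H))
```

Note that `cnot_key_update_holds` compares operators only up to a global phase, which is the right notion for a Pauli key: the verifier tracks which Pauli to apply, not its phase. The trap probabilities show directly why $K$ and $H$ need magic state gadgets while CNOT does not: a bitwise $K$ leaves the $|0\rangle$ traps alone but flags half of the $|+\rangle$ traps, and a bitwise $H$ flags half of both kinds.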
5.5.5 The Hadamard gate



Similar to the K gate, a logical H gate can be implemented under the Steane code by applying H 
bitwise to each physical qubit. One might therefore hope that the H gate admits a simple bitwise 
gadget under the trap scheme. Unfortunately, as with the K gate, trap codes do not admit bitwise 
implementation of H even if the underlying code does admit such an implementation. Bitwise 
implementation fails for trap codes because the |0) and |+) trap qubits are swapped by the action 
of bitwise H. Each trap qubit is thus in a state that is detected as an error with probability 1/2. 

As with the implementations of the $K$ and $T$ gates described previously, we shall implement the Hadamard by a magic state gadget. Whereas the gadgets for $K$, $T$ are compact and efficient, the simplest known magic state gadget for the Hadamard gate is the teleport-through-Hadamard circuit, which is a special case of the gate teleportation protocol of Gottesman and Chuang [GC99]. This circuit is depicted in Figure 4. The magic state for this gadget is the two-qubit maximally entangled state $|00\rangle + |01\rangle + |10\rangle - |11\rangle$.



Figure 4: Teleport-through-Hadamard circuit. [Figure not reproduced; its labels show the magic state prepared from $|00\rangle + |11\rangle$ by a Hadamard $H$, a Bell measurement, and Pauli $Z$, $X$ corrections.]

Implementation of the Bell measurement appearing in the above circuit requires that a Hadamard 
gate be applied to one of the two qubits immediately prior to measurement. At first glance this 
requirement might appear circular, as we require a Hadamard gate in order to implement the 
Hadamard gate. We claim, however, that it is possible to implement the Hadamard gate bitwise 
on authenticated data provided that the qubit is measured immediately afterward as is the case for 
a Bell measurement. 

This claim is not difficult to justify. As mentioned above, the effect of the bitwise H gate is to 
swap the syndrome registers X', Z' immediately prior to measurement. But it is trivial to modify 
any measure-then-decode procedure (such as that mentioned in Section 5.2) so as to take this swap 
into account. 

As with the gadget for K presented in Section 5.5.3, the correction in our gadget for H is a 
Pauli gate. Hence, implementation of this gadget requires only one-way classical communication 
from attacker to verifier. 



5.6 Miscellaneous remarks 

5.6.1 On the need to re-use code keys in the trap scheme

Classical keys for the trap scheme are specified by a pair $k = (\pi, P)$ indicating the choice of trap code and Pauli encryption $P$. In Section 5.5 we saw that each gate $G$ in our universal gate set for the trap scheme has the property that the associated gadget $\tilde G$ is validated by updating only the Pauli key $P$ so that $(\pi, P) \mapsto (\pi, P')$. This is fortunate, as our implementation of the controlled-NOT gate necessitates that every authenticated qubit share the same code key $\pi$. As noted in Section 5.2, the security of any encode-encrypt scheme (including our trap scheme) is preserved even when the code key is re-used across multiple data registers.

The polynomial scheme of Ben-Or et al. has a similar structure [BOCG+06]. In particular, a key in the polynomial scheme is a pair $k = (s, P)$ consisting of a "sign key" $s$ and a Pauli key $P$. The generalized controlled-NOT and Toffoli gates for the polynomial scheme necessitate that each authenticated qudit use the same sign key but different Pauli keys.

5.6.2 Clifford circuits can be implemented offline 

The $\pi/8$-phase ($T$) gate is the only gate in the universal set described in Section 5.5 that requires two-way interaction between the attacker and verifier. Since any Clifford circuit can be implemented 
without T gates, it follows that any Clifford circuit can be implemented on data authenticated 
under the trap scheme in an offline manner. In particular, the transmission to the verifier of all 
measurement results from all gadgets for the gates in a Clifford circuit can be put off until the very 
end of the computation, at which time the verifier can decode the results and deduce the effect of 
each correction on the final Pauli key. 

5.6.3 Any circuit can be implemented with only classical interaction 

We can see from the gate constructions of Section 5.5 that any quantum circuit whatsoever — be 
it a Clifford circuit or otherwise — can be implemented on authenticated data with only classical 
interaction between attacker and verifier. 

In our application to quantum one-time programs we exploit this fact in order to obtain a non- 
interactive protocol for two-party quantum computation by encapsulating all classical interaction 
inside a reactive classical one-time program. 

The need in our quantum one-time program for a reactive classical one-time program is neces- 
sitated by the gadget for the T gate. In the special case that the quantum one-time program is 
for a Clifford circuit there is no need for a reactive classical one-time program: it suffices to use a 
non-reactive COTP to compute the final decryption key based on measurement results supplied by 
the user. 

5.6.4 Rigorous security 

In this section we described how gates from a universal set can be applied to data authenticated 
under the trap scheme. Intuitively, we can see that the interactive protocol for implementing an 
arbitrary circuit is cryptographically secure, yet we did not provide a fully formal proof of security 
in this section. If desired, a fully rigorous security proof for computation on authenticated data 
via the trap scheme can be obtained as a special case of the security proof for our main result on 
QOTPs in the next section. 

6 Statement and analysis of our QOTP 

In this section we will formally describe and analyze our protocol for quantum one-time programs. 
First, in Section 6.1, we describe a few preliminaries, in particular notation related to implementing 
quantum computation using Clifford gates and magic states. In Sections 6.2 and 6.3 we specify the protocol actions for honest senders and receivers. Sections 6.4 through 6.8 contain the proof of Theorem 8, that our protocol is a statistically quantum-UC-secure realization of J-^^^ in the case of a corrupt user, in the J-'^^"*-'"'"^-hybrid model. The proof makes use of a new tabular representation for operations which is given in Section 6.5 (see also Appendix C.2). We first describe the general form of the security argument in Section 6.4, analyze the environment's interaction with the sender in Section 6.6, and describe and analyze the simulator for an arbitrary adversary in Sections 6.7 and 6.8.

Our QOTP construction requires an encode-encrypt quantum authentication scheme that admits quantum computation on authenticated data, such as the trap scheme presented in Section 5. Our construction is completely independent of the specific choice of scheme. Moreover, if the underlying authentication scheme is $\varepsilon$-secure then our QOTP is $2\varepsilon$-secure.

Henceforth we assume that such a scheme is fixed — call this scheme Q. We let $\mathcal{E}$ denote the family of codes upon which Q is based and we let $\mathcal{G}$ denote the universal gate set that can be implemented on data authenticated under Q.

6.1 Preliminaries 

Suppose that we are given an arbitrary unitary $V$ — specified as a circuit using gates from $\mathcal{G}$ and acting upon register $R$ — and we wish to construct a circuit that implements $V$ on data authenticated under Q. We have already seen how to do this for the trap scheme. In this section we review this simple process so as to establish basic concepts and notation that will be useful throughout Section 6.

6.1.1 Quantum computation with Clifford gates and magic states 

Let $r$ denote the number of gates in $V$ that require magic states. (For the trap scheme, $r$ is the total number of $K$, $H$, and $T$ gates in $V$.) Alongside the data register $R$ we add $r$ registers $M_1, \ldots, M_r$, which are assumed to be initialized to the appropriate magic states $|\mu_1\rangle, \ldots, |\mu_r\rangle$. We refer to these $r$ registers collectively as $M$ and to the collective state of $M$ as $|\mu\rangle$.

Let $V^{(0)}, \ldots, V^{(r)}$ be a partition of the gates of $V$ so that $V^{(i)}$ denotes the Clifford circuit consisting of all the gates occurring after measurement of the $i$th magic state and before measurement of the $(i+1)$th magic state. Note that each $V^{(i)}$ acts only upon registers $(R, M_{i+1})$ and $V^{(r)}$ acts only upon $R$. The circuit $V$ is implemented as follows:

1. Apply $V^{(0)}$.

2. For $i = 1, \ldots, r$:

(a) Measure the magic state register $M_i$ and apply the Clifford correction $C^{(i)}$ indicated by that measurement result.

(b) Apply $V^{(i)}$.

In order to see how the action of $V$ is recovered from the above process it is helpful to write this procedure as a channel on $R$ in Kraus form. To this end let $a \in \{0, 1\}^r$ be the $r$-dimensional vector of classical measurement results obtained in the above implementation of $V$ and let $V_a$ denote the Clifford circuit resulting from applying $V^{(0)}, \ldots, V^{(r)}$ interleaved with Clifford corrections $C^{(1)}, \ldots, C^{(r)}$ according to the measurement outcomes $a$. Because each $V^{(i)}$ acts upon a unique magic state register, the desired channel on $R$ can be written as follows:

$$\sum_{a \in \{0,1\}^r} \langle a | \, V_a \big( \rho \otimes |\mu\rangle\langle\mu| \big) V_a^* \, | a \rangle . \qquad (3)$$

It is a property of magic state implementations of gates that for each $a$ we have

$$\langle a | V_a | \mu \rangle = 2^{-r/2} \, V . \qquad (4)$$

So the above channel (3) is equivalent to

$$\sum_{a \in \{0,1\}^r} 2^{-r} \, V \rho V^* = V \rho V^* \qquad (5)$$

as desired.

If for some reason the measurement results $a$ are corrupted to some other vector $a'$ then the above procedure will mis-apply the Clifford corrections $C^{(1)}, \ldots, C^{(r)}$. Let $V_{a-a'}$ denote the circuit derived from $V$ by inserting extra Clifford gates according to the corruption $a - a'$ so that

$$\langle a' | V_a | \mu \rangle = 2^{-r/2} \, V_{a-a'} . \qquad (6)$$

6.1.2 Encoded circuits 

In accordance with the convention introduced in Section 5.1, any register denoted with a tilde is assumed to be accompanied by its own $X$- and $Z$-syndrome registers. Given a logical register $R$ and a code $E \in \mathcal{E}$, the encoded register $\tilde R$ is obtained by applying the operator $E(I_R \otimes |0\rangle)$ to $R$. For brevity we omit the initial state $|0\rangle$ of the syndrome registers and simply view $E$ as an isometry from $R$ to $\tilde R$ when it is convenient to do so. When multiple registers $R_1, \ldots, R_k$ are each encoded under the same code $E$ we write $E$ instead of $E^{\otimes k}$.

Given a circuit $W$ acting on $R$ and composed entirely of gates from $\mathcal{G}$ that can be implemented without magic states (such as the circuits $V_a$ of the previous subsection), it is easy to construct the circuit $\tilde W$ acting on $\tilde R$ that implements $W$ on authenticated data: simply replace each logical gate with its equivalent on authenticated data.

Of course, encoding a register under a code $E$ and then applying $\tilde W$ is equivalent to first applying $W$ and then encoding the result under $E$. This identity is expressed succinctly under the above notation as

$$\tilde W E = E W .$$

6.2 Specification of the sender's message 

Let $\Phi : (A, B) \to C$ be a channel specified as a quantum circuit using gates from $\mathcal{G}$. In this section we specify the QOTP for $\Phi$. More specifically, suppose that the input registers $(A, B)$ are prepared in some state (possibly entangled with other registers) and given to the sender and receiver, respectively. In this section we show how to construct the sender's message to the receiver given $A$.
6.2.1 Implementing a channel via controlled-unitary

Without loss of generality we assume that the channel $\Phi$ has the form $\Phi : (A, B) \to B$. That is, the receiver's output register $C = B$ has the same size as the input register. Furthermore, without loss of generality we assume that the channel $\Phi$ is specified by a unitary circuit $U$ acting on registers $(A, B, E)$. The extra register $E$ is an auxiliary register initialized to the $|0\rangle$ state. The action of $\Phi$ is recovered from $U$ by discarding registers $(A, E)$ so that $\Phi(\rho) = \mathrm{Tr}_{A,E}(U \rho U^*)$ for all $\rho$.

Given a circuit $U$ one can efficiently find a circuit for the controlled-$U$ operation, which we denote c-$U$. In addition to the registers $(A, B, E)$, the circuit for c-$U$ acts upon an additional qubit called the control qubit so that for any pure state $|\psi\rangle$ of $(A, B, E)$ we have

$$\text{c-}U : |\psi\rangle \otimes |\mathrm{on}\rangle \mapsto U|\psi\rangle |\mathrm{on}\rangle, \qquad |\psi\rangle \otimes |\mathrm{off}\rangle \mapsto |\psi\rangle |\mathrm{off}\rangle .$$

In an effort to minimize the number of distinct register names we bundle the control qubit into the ancillary register $E$ with the understanding that the initial state of $E$ is $|0\rangle$ for $U$ and $|0\rangle|\mathrm{on/off}\rangle$ for c-$U$.

In our QOTP for $\Phi$ the sender and receiver shall implement the circuit for c-$U$. In this protocol the sender prepares the authenticated ancilla register $E$ (including the control qubit) and gives it to the receiver (along with several other quantum registers and a reactive COTP to be specified shortly). This control qubit is always initialized to the $|\mathrm{on}\rangle$ state. As such, one might wonder why we bother implementing c-$U$ instead of $U$. The purpose of the control qubit is to facilitate the forthcoming security proof.

We also have an alternative QOTP in which $U$ is implemented directly with no need for c-$U$. However, the security proof for this alternative QOTP is more technically cumbersome than our protocol for c-$U$ (see Section 6.2.3) so we have elected to present only the protocol for c-$U$ in this paper. Whether or not the controlled-$U$ is necessary for our somewhat simpler security proof is an interesting unresolved question.

6.2.2 Specification 

Let $r$ be the number of gates in c-$U$ that require magic states. After the parties have received their input registers $A, B$, a non-interactive protocol for c-$U$ consists of a single message from the sender to the receiver. This message consists of the following objects:

1. Quantum registers $\tilde A, B_{\rm in}, \tilde B_{\rm in}, \tilde B_{\rm out}, B_{\rm out}, \tilde E, \tilde M = (\tilde M_1, \ldots, \tilde M_r)$ prepared in specific states described in Protocol 1 below.

2. An $(r+1)$-round reactive classical one-time program (BR-OTP) described in Protocol 2 below.

In order to prepare this message, a code $E \in \mathcal{E}$ and encryption Paulis $P, S$ are chosen uniformly at random. The Pauli $S$ acts on $B_{\rm out}$ and the Pauli $P$ acts on $(\tilde A, \tilde B_{\rm in}, \tilde E, \tilde M)$. (Here and throughout the paper we adopt the convention that the portion of a multi-register Pauli acting on a single register is denoted by the register name appearing in a subscript. For example, the portion of $P$ acting on $\tilde M$ is denoted $P_{\tilde M}$ and it holds that $P = P_{\tilde A} \otimes P_{\tilde B_{\rm in}} \otimes P_{\tilde E} \otimes P_{\tilde M}$.) The registers are prepared as described in Protocol 1 and Figure 5.

In addition to these registers, the sender prepares an $(r+1)$-round BR-OTP to act as described in Protocol 2.






Protocol 1 Message preparation for sender

$(B_{\rm in}, \tilde B_{\rm in})$: Teleport-through-authentication state $P_{\tilde B_{\rm in}} E|\phi^+\rangle$. (See Figure 5(a).)

$(\tilde B_{\rm out}, B_{\rm out})$: Teleport-through-de-authentication state obtained by discarding the syndrome registers of $S E|\phi^+\rangle$. (See Figure 5(b).)

$\tilde A$: Authenticated input state. Obtained by applying $P_{\tilde A} E$ to the input register $A$.

$\tilde E$: Authenticated ancilla $P_{\tilde E} E|0\rangle|\mathrm{on}\rangle$.

$\tilde M$: Authenticated magic states $P_{\tilde M} E|\mu\rangle$ where $|\mu\rangle = |\mu_1\rangle \cdots |\mu_r\rangle$ and $|\mu_1\rangle, \ldots, |\mu_r\rangle$ are the $r$ magic states required for c-$U$.



(a) Teleport-through-authentication (b) Teleport-through-de-authentication

Figure 5: Circuits for teleporting through authentication and de-authentication



Protocol 2 Specification of the BR-OTP

1. Receive (a classical description of) a Pauli $T^{\rm in}$.

2. For $i = 1, \ldots, r$:

(a) Receive a classical bit string $c_i$. Decode $c_i$ into a classical bit as per the measure-then-decode circuit (95) of Section B.2 with code key $E$ and decryption Pauli $P_{\tilde M_i}$ to be specified later. Return the decoded bit $a_i$ to the user.

(b) If $c_i$ is inconsistent with $(E, P_{\tilde M_i})$ — that is, if the measure-then-decode circuit (95) applied to $c_i$ indicates a non-zero error syndrome — then cheating has been detected. Remember whether cheating has been detected.

3. Receive (a classical description of) a Pauli $T^{\rm out}$. If cheating was never detected in step 2b then return to the user a (classical description of a) decryption Pauli $S$ to be specified later. Otherwise return uniformly random bits. For later convenience we specify that the classical description of $S$ be contained in a register $K$.
This QOTP could be mass-produced. The state of the authenticated register $\tilde A$ depends upon the state of the sender's input register $A$. But the remaining registers could all be prepared (or mass-produced) before $A$ is received. Furthermore, the BR-OTP also does not depend upon $A$, but it does depend upon the authentication key for $\tilde A$. This key could be chosen in advance, in which case the BR-OTP could also be mass-produced before $A$ is received.

6.2.3 No need to check integrity of the data registers 

Notice that the BR-OTP checks the syndrome registers of only the magic state register $\tilde M$ and ignores any error syndrome present in other registers. This minimal requirement might at first seem insufficient to establish a secure QOTP as, for example, the receiver is free to tamper with the data registers $(\tilde A, \tilde B, \tilde E)$. We shall see later that any such attack is equivalent to an attack before and/or after $\Phi$ is applied and hence can be reproduced by a simulator with one-shot access to $\Phi$.

If instead we were to modify our BR-OTP so as to also verify the syndrome registers for the receiver's output register $\tilde B_{\rm out}$ then we could derive a protocol that implements the circuit $U$ directly, as opposed to the controlled-$U$ implemented by the present protocol. As suggested earlier, however, the formal proof of security for such a protocol is more technically cumbersome than our current proof.

As noted in Section B.2, the measure-then-decode circuit (95) implemented by the COTP in step 2a is equivalent to the decode-then-measure circuit (96). Thus, we may equivalently assume that in step 2a the COTP applies the quantum circuit $E^*$ to register $\tilde M_i$ followed by measurements of the $X$-syndrome register and the data register.

6.3 Protocol for an honest receiver, completeness 

The actions for an honest receiver to use the QOTP to obtain $\Phi(\rho)$ are specified in Protocol 3.

6.4 General form of an arbitrary environment 

UC security of the protocol of Section 6.2 is proved as follows. First, consider an arbitrary (possibly 
cheating) receiver who receives the message from the sender and interacts with the sender's BR- 
OTP. Throughout the interaction the receiver also exchanges messages with an environment. UC 
security is established by exhibiting a simulator that mimics the behaviour of the receiver from the 
environment's point of view using only calls to the ideal functionality. Specifically, the environment 
selects the input registers (A, B) for both sender and receiver, interacts with either the real receiver 
or the simulated receiver, then produces a single bit indicating the environment's guess as to whether 
it interacted with the real or simulated receiver. 

By the completeness of dummy adversaries [Can01, Unr10], it suffices to assume that the receiver simply shuttles messages between the environment and the honest sender. For convenience this dummy receiver can be absorbed into the environment, leaving only an interaction between the environment and the honest sender (or simulated honest sender). In this section we write down a general form that every such environment must have.

Given the discussion above, we assume without loss of generality that the actions of any envi- 
ronment throughout the interaction are as described in Protocol 4. 

Let us now argue that no generality is lost in assuming an environment described in Protocol 4.
Protocol 3 Honest use of QOTP

1. Perform a Bell measurement on $(B, B_{\rm in})$ so as to teleport-through-authentication. This is achieved by first applying the unitary Bell rotation $B$ followed by a measurement $\{|T^{\rm in}\rangle\langle T^{\rm in}|\}$ where each $|T^{\rm in}\rangle\langle T^{\rm in}|$ is a projector onto the classical basis state indicating Pauli correction $T^{\rm in}$. The receiver provides $T^{\rm in}$ as the first input to the BR-OTP.

At this time the contents of $B$ have been authenticated and placed in register $\tilde B_{\rm in}$.

2. Run the protocol of Section 6.1.1 with $V = $ c-$U$ so as to apply c-$U$ to the authenticated registers $(\tilde A, \tilde B_{\rm in}, \tilde E, \tilde M)$. Explicitly,

(a) Apply c-$U^{(0)}$.

(b) For $i = 1, \ldots, r$:

i. Measure the magic state register $\tilde M_i$ and provide the result as input to the BR-OTP.

ii. The BR-OTP provides as output a single bit indicating whether to apply the associated Clifford correction $C^{(i)}$.

iii. Apply c-$U^{(i)}$.

The implementation of c-$U$ is now complete. At this time the register $(\tilde A, \tilde B_{\rm in}, \tilde E)$ holds the authenticated version of $(A, B, E)$ with c-$U$ applied.

3. Perform a Bell measurement on $(\tilde B_{\rm in}, \tilde B_{\rm out})$ so as to teleport-through-de-authentication. As above, the result of this measurement indicates a Pauli correction $T^{\rm out}$, which the receiver provides as the final input to the BR-OTP.

At this time the register $B_{\rm out}$ holds the receiver's output. This register is encrypted but not authenticated.

4. For its final output, the BR-OTP provides the Pauli decryption key $S$ to be specified later. Apply this Pauli to $B_{\rm out}$ to recover the receiver's output.



Protocol 4 General form of an arbitrary environment

1. Prepare registers $(A, B, W)$ in an arbitrary pure state $|\psi\rangle$ and provide $A$ to the sender (or simulated sender) as input.

2. Receive from the sender (or simulated sender) quantum registers $(\tilde A, B_{\rm in}, \tilde B_{\rm in}, \tilde B_{\rm out}, B_{\rm out}, \tilde E, \tilde M)$. Apply a unitary $K^{(0)}$ to all the registers, then perform a Bell measurement on $(B, B_{\rm in})$ so as to teleport-through-authentication. Provide the resulting Pauli $T^{\rm in}$ as the first input to the BR-OTP, just as an honest receiver would.

3. For $i = 1, \ldots, r$:

(a) Provide the register $\tilde M_i$ to the BR-OTP.

(b) The BR-OTP returns a single bit $a_i$.

(c) Apply a unitary $K^{(i)}_{a_i}$ to the remaining registers. (That is, every register except $B, B_{\rm in}, \tilde M_1, \ldots, \tilde M_i$.) The subscript $a_i$ indicates that the environment's choice of $K^{(i)}_{a_i}$ could depend upon the bit $a_i$.

4. Perform a Bell measurement on $(\tilde B_{\rm in}, \tilde B_{\rm out})$ so as to teleport-through-de-authentication. Provide the resulting Pauli $T^{\rm out}$ as the final input to the BR-OTP, just as an honest receiver would.

5. The BR-OTP provides as its final output (a classical description of) a decryption Pauli $S$ to be specified later, stored in a new register $K$.

6. Perform a binary-valued measurement on the remaining registers $\tilde A, B_{\rm out}, \tilde E, W, K$.
1. The BR-OTP has by definition classical input/output behaviour that does not preserve coherent superpositions of classical basis states. As such, any qubits touched by the BR-OTP are assumed to be measured in the computational basis. Thus, it makes no difference whether data sent to a BR-OTP is measured by the environment or by the BR-OTP, so we are free to assume that any given measurement is performed by whichever party better suits our discussion.

2. In steps 2 and 4 it is assumed that the environment does a proper Bell measurement of $(B, B_{\rm in})$ and $(\tilde B_{\rm in}, \tilde B_{\rm out})$, respectively, and then faithfully reports the results to the BR-OTP just as an honest receiver would. This assumption is justified because any tampering the environment might wish to do with the measurements or the results thereof can instead be incorporated into the environment's circuits $K^{(i)}_{a_i}$.

For example, an environment who wishes to tamper with the Bell measurement in step 2 could select the circuit $K^{(0)}$ so as to prepare the registers $(B, B_{\rm in})$ in any desired state by swapping out data from the memory workspace $W$ (or even other registers from the sender) and then pre-invert the rotation into the Bell basis prior to measurement. Substituting this choice of $K^{(0)}$ into Protocol 4, we see that such an environment undoes the Bell rotation and thus the resulting measurement of $(B, B_{\rm in})$ reproduces exactly the result intended by the environment.

3. In step 3a it is assumed that the environment simply transmits the unmeasured register $\tilde M_i$ to the BR-OTP.

As explained above, we are free to make this assumption as the BR-OTP has purely classical input/output behaviour. This assumption is convenient because it allows us to seamlessly substitute the measure-then-decode procedure with its equivalent decode-then-measure procedure acting on unmeasured quantum data as described in Section 5.2.

4. Intuitively, the environment's $i$th circuit $K^{(i)}_{a_i}$ could depend upon all prior classical data exchanged with the BR-OTP. Yet in step 3c we explicitly allow only for dependence upon the most recent bit $a_i$ received from the BR-OTP. Furthermore, we make the simplifying assumption that each $K^{(i)}_{a_i}$ does not act upon the registers $B, B_{\rm in}, \tilde M_1, \ldots, \tilde M_i$ that were measured earlier in the protocol. No generality is lost, however, because prior circuits are free to copy classical data into fresh space within the workspace register $W$ for reference in future rounds.

6.5 A tabular representation for operators and vectors 

Security of our QOTP is established by analysis of the state of all the registers in the environ- 
ment's posession immediately prior to the final binary- valued measurement in step 6 of Protocol 
4. However, it is difficult to produce a concise description of this state due to the large number of 
distinct registers and the many rounds of interaction with the BR-OTP. To combat this difficulty 
we introduce a tabular representation for operators and vectors. 

This new way of describing states is best explained by example. To this end recall that the 
initial state of registers (A, B, W) is and that register A is given to the sender as input. The 
sender introduces registers Bin, Bin, Bout, Bout, E, M. For each choice of code key E, encryption keys 
P, S, Bell measurement results T'",T°"^, and magic state data- and syndrome- measurement results 
a = (ai, . . . , Or), s = {si, . . . , Sr), the unnormalized pure state of the remaining (unmeasured) 
quantum registers (Bout,A,W, E) after step 4 of Protocol 4 (that is, immediately before the BR- 
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Figure 6: Tabular representation of the state of the system after step 4 of Protocol 4. 

OTP reveals the decryption key register K) is given by the table in Figure 6. 

In general, rows in a table correspond to registers in the joint system. Cells within each row 
correspond to individual operators or vectors and are ordered from right to left as per the convention 
for operator composition. Empty cells implicitly indicate the identity operator. The table as a whole 
specifies an operator (or vector) as a composition of product operators on the registers. 

In this particular table we have used the notation |ψ⟩_A, |ψ⟩_B, |ψ⟩_W to refer to the portions of |ψ⟩ 
contained in registers A, B, W, respectively. 

6.6 Analysis of the environment's interaction with the real sender 

At the end of its interaction the environment produces a single output bit. In order to prove UC 
security we must exhibit a simulator that interacts with the environment such that the distribution 
on the environment's output bit is nearly identical to that induced by the environment's interaction 
with the real sender and BR-OTP. 

We accomplish this task by deriving an expression for the state ρ_real of the registers (Bout, A, E, W, K) 
in the environment's possession at the end of step 5 of Protocol 4. In Section 6.7 we will exhibit 
a simulator, then in Section 6.8 we derive an expression for the associated state ρ_sim at the end 
of the simulated interaction and show that the trace distance between ρ_real and ρ_sim is negligible, 
from which the security of our QOTP follows. 

Recall that in step 5 the register K is revealed by the BR-OTP. Thus, if the state of the system 
at the end of step 5 is ρ_real then the state of the system at the end of step 4 must be Tr_K(ρ_real). We 
begin our analysis by focusing on the state Tr_K(ρ_real). 

Let |𝒫|, |𝒮| denote the number of Pauli operations acting on (Bin, M, P), Bout, respectively, 
so that each encryption Pauli P, S is chosen with probability 1/|𝒫|, 1/|𝒮|, respectively. The 
normalized mixed state Tr_K(ρ_real) of (Bout, A, W, E) at step 4 is 

\mathrm{Tr}_K(\rho_{\mathrm{real}}) = \frac{1}{|\mathcal{E}|\,|\mathcal{P}|\,|\mathcal{S}|} \sum_{E,P,S,a,s,T^{in},T^{out}} |(6)\rangle\langle(6)| \qquad (7) 

where |(6)⟩ denotes the unnormalized pure state depicted in Figure 6. 

This state can be written much more succinctly. Let a = (a_1, …, a_r) and s = (s_1, …, s_r) denote 
the vectors of magic-state data and syndrome values and write 

\langle a| = \langle a_r| \cdots \langle a_1| \qquad (8) 
\langle s| = \langle s_r| \cdots \langle s_1| . \qquad (9) 

(10) 

The rows of table (6) corresponding to the magic state registers M_1, …, M_r can be amalgamated 
into a single row M. The table (6) can be written 
(11) 



Insert a superfluous I = (c-U_a)^*(c-U_a) acting on registers (Bin, A, E, M) into the table (11) immedi- 
ately prior to K_a and reorder the rows to get 
(12) 



(Here we have used the notation (c-U_a)^*|, etc. to illustrate the fact that the unitary (c-U_a)^* is split 
over several nonadjacent rows in the table. If the rows A, Bin, E, M were all adjacent then this 
notation would be unnecessary; all four of those cells could be merged into a single larger cell for 
the operator (c-U_a)^*. Unfortunately, it is not possible to order the rows so as to eliminate the need 
to split some operators or states across nonadjacent rows.) 

At an intuitive level, if the environment is to avoid being detected as a cheater by the BR-OTP 
then whatever the environment does in K_a must cancel out (c-U_a)^* so that c-U_a is implemented on 
(Bin, A, E, M). 

Let 

K_a\,(c\text{-}U_a)^* = \sum_{\text{Paulis } Q} \alpha_Q\, Q \qquad (13) 

be a Pauli decomposition of K_a(c-U_a)^*. Substitute this decomposition into (12) to obtain 

|(6)\rangle = \sum_{\text{Paulis } Q} \alpha_Q\, |(15)\rangle \qquad (14) 

where the table (15) is given by 
Let us consider the teleportation operations. According to Appendix C, the rows for B and B̃in can 
be folded into B̃in to obtain 

Registers A, E, M, W same as (15). 

(16) 

(Here |R| denotes the dimension of the space associated with register R.) We can then fold Bin, Bout 
into Bout so as to obtain 

|(15)\rangle = |B|^{-1/2}\,|B_{in}|^{-1/2}\;\cdot 
Bout 
Registers A, E, M, W same as (15). 

Notice the normalization factors |B|^{-1/2} |Bin|^{-1/2} picked up in the process; we will include those 
later. Let us re-write the entire table, amalgamating c-U_a, P, and |ψ⟩. 

(18) 


The next step is to use commutation relations so as to massage this table into a nice form for the 
Pauli sandwich (Appendix B). 

To this end let us first dispense with the annoying transposition operations Q_B^T, Q_{B̃out}^T appearing 
in the table. Note that for any multi-qubit Pauli operator P the transpose P^T = ±P, with the 
negative phase occurring whenever P is a product of an odd number of Y-Paulis. Let γ(P) ∈ {±1} 
denote this phase so that P^T = γ(P)P for all Paulis P. We apply this identity to the above table, 
producing an extra phase factor γ(Q_B)γ(Q_{B̃out}). 



We require some notation before proceeding further. For any Paulis P, Q we write 

c(P,Q) = \begin{cases} +1 & \text{if } PQ = QP \\ -1 & \text{if } PQ = -QP \end{cases} \qquad (19) 

for the phase picked up by commuting P, Q. By analogy to the notation introduced in Section 5.1, 
for any code E and any Pauli P we let P_E denote the Pauli with P_E E = E P. Recall that for 
any vector a of measurement results the encoded circuit c-U_a is a Clifford circuit. As such, for any 
Pauli P we let π_a(P) denote the Pauli with 

\pi_a(P)\,(c\text{-}U_a) = (c\text{-}U_a)\,P . 

Finally, recall that (c-U_a)E = E(c-U_a) as noted in Section 6.1.2. 
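The two Pauli phases used throughout this derivation, the commutation sign c(P,Q) of (19) and the 
transposition sign γ(P) with P^T = γ(P)P, both have closed forms that can be read off a Pauli string 
without multiplying matrices. The following is an added illustration, not code from the paper: it 
implements both closed forms for multi-qubit Paulis written as strings over I, X, Y, Z (the string 
encoding and all function names are this example's own choices) and checks them against explicit 
tensor-product matrices, exhaustively for all pairs of n-qubit Paulis. 

```python
from functools import reduce
from itertools import product

# Single-qubit Paulis as 2x2 complex matrices (nested lists; no numpy needed).
PAULI = {
    "I": [[1, 0], [0, 1]],
    "X": [[0, 1], [1, 0]],
    "Y": [[0, -1j], [1j, 0]],
    "Z": [[1, 0], [0, -1]],
}


def commutation_sign(p, q):
    """c(P, Q) of (19): +1 if PQ = QP, -1 if PQ = -QP.

    Two multi-qubit Paulis (strings over I, X, Y, Z, one character per qubit) anticommute
    exactly when they differ on an odd number of positions where neither factor is I.
    """
    if len(p) != len(q):
        raise ValueError("Paulis must act on the same number of qubits")
    anti = sum(1 for x, y in zip(p, q) if x != "I" and y != "I" and x != y)
    return -1 if anti % 2 else 1


def transpose_phase(p):
    """gamma(P): P^T = gamma(P) * P; negative iff P contains an odd number of Y factors."""
    return -1 if p.count("Y") % 2 else 1


# --- explicit-matrix helpers, used only to verify the two closed forms above ---

def kron(a, b):
    """Kronecker product of two square matrices given as nested lists."""
    return [[x * y for x in ra for y in rb] for ra in a for rb in b]


def matmul(a, b):
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) for j in range(n)] for i in range(n)]


def scale(s, a):
    return [[s * x for x in row] for row in a]


def transpose(a):
    return [list(col) for col in zip(*a)]


def close(a, b, tol=1e-12):
    return all(abs(x - y) < tol for ra, rb in zip(a, b) for x, y in zip(ra, rb))


def pauli_matrix(p):
    """Tensor product of the single-qubit factors; leftmost character is the first factor."""
    return reduce(kron, (PAULI[ch] for ch in p))


def check_identities(p, q):
    """Return (gamma_ok, c_ok): whether P^T = gamma(P) P and PQ = c(P,Q) QP hold as matrices."""
    P, Q = pauli_matrix(p), pauli_matrix(q)
    gamma_ok = close(transpose(P), scale(transpose_phase(p), P))
    c_ok = close(matmul(P, Q), scale(commutation_sign(p, q), matmul(Q, P)))
    return gamma_ok, c_ok


def exhaustive_check(n):
    """Check both identities for every pair of n-qubit Pauli strings; True iff all hold."""
    strings = ["".join(t) for t in product("IXYZ", repeat=n)]
    return all(all(check_identities(p, q)) for p in strings for q in strings)


if __name__ == "__main__":
    print(commutation_sign("XI", "ZI"), transpose_phase("XYZ"), exhaustive_check(2))
```

Both closed forms are what make the later bookkeeping tractable: the phases α_{Q,T^in} that 
accumulate in the derivation are products of such ±1 factors, so they can be tracked per Pauli 
string rather than by multiplying 2^n-dimensional matrices. 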

Now, concentrate only on the rightmost four columns of the table (18): 

1. Q_{Bin} commutes with T^in, picking up a phase of c(T^in, Q_{Bin}). 
2. Replace E T^in with T^in_E E. 
(23) 
4. Then we can pull E through c-U_a. 

The entire table is now 
(25) 

We now have an expression for the decryption Pauli P' used by the BR-OTP: 

P' = \pi_a\big(P\,T^{in}_E\big) . \qquad (26) 

In order to clean up the extra phases we introduced by the above commutation relations we write 

\alpha_{Q,T^{in}} = \gamma(Q_B)\,\gamma(Q_{\tilde B_{out}})\,c(T^{in}, Q_{B_{in}})\,\alpha_Q \qquad (27) 

for each choice of Paulis Q, T^in so that the original state (6) can be written 

|(6)\rangle = |B|^{-1/2}\,|B_{in}|^{-1/2} \sum_{\text{Paulis } Q} \alpha_{Q,T^{in}}\,|(25)\rangle . \qquad (28) 

Until now we have used only simple commutation relations to derive an alternate expression for 
the state |(15)⟩. Now we wish to employ the Pauli sandwich on register M so that the double sum 
becomes a single sum. To this end consider the table 
(29) 
obtained from (25) by deleting everything in row M occurring after the operator c-U_a. For each 
Pauli Q_M define 

|Q_M\rangle = \sum \alpha_{Q,T^{in}}\,|(29)\rangle . \qquad (30) 

Here the summation is shorthand for a summation over all Paulis Q_B, Q_{B̃in}, Q_{Bin}, Q_{B̃out}, 
Q_{Bout}, Q_A, Q_E, that is, all Paulis comprising Q except the Pauli acting on M. Note that 
the only dependence of |Q_M⟩ on Q_M is in the scalar α_{Q,T^in}. Keep in mind that |Q_M⟩ also depends 
upon T^in, T^out, a, s, E, π_a(PT^in_E)_{Bout}, π_a(PT^in_E)_A, π_a(PT^in_E)_E, S; we have simply omitted these 
parameters for brevity. 

By the Pauli sandwich (Lemma 13) we have that the mixed state Tr_K(ρ_real) from (7) equals 

\mathrm{Tr}_K(\rho_{\mathrm{real}}) = \frac{1}{|\mathcal{E}|\,|\mathcal{P}|\,|\mathcal{S}|\,|B|\,|B_{in}|} \sum_{E,P,S,a,s,T^{in},T^{out},Q_M} \langle a|\langle s|\,E^*Q_M E\,|Q_M\rangle\langle Q_M|\,E^*Q_M E\,|a\rangle|s\rangle \qquad (31) 

From here consider two cases corresponding to zero and non-zero syndrome measurements (s = 
0, s ≠ 0), indicating acceptance and rejection by the BR-OTP, respectively. In so doing we decom- 
pose ρ_real into a sum of three positive semidefinite operators 

\rho_{\mathrm{real}} = R_{rej} + R_{acc} + [\varepsilon_{\mathrm{real}}] \qquad (32) 

where [ε_real] has trace at most ε. Then in Section 6.8 we will show that 

\rho_{\mathrm{sim}} = R_{rej} + R_{acc} + [\varepsilon_{\mathrm{sim}}] \qquad (33) 

for some [ε_sim] that has trace at most ε, from which it will follow that 

\big\| \rho_{\mathrm{real}} - \rho_{\mathrm{sim}} \big\|_{\mathrm{Tr}} = \big\| [\varepsilon_{\mathrm{real}}] - [\varepsilon_{\mathrm{sim}}] \big\|_{\mathrm{Tr}} \le 2\varepsilon \qquad (34) 

as desired. 

6.6.1 In the event of acceptance 

Consider the unnormalized mixed state obtained from the expression (31) for Tr_K(ρ_real) by restrict- 
ing attention to those terms in the summation with syndrome outcome s = 0. (See Appendix B for 
explanations of the notation for the logical Pauli Q_{L(E)} induced by E and for the subset 𝒮_X(Q) ⊆ ℰ 
of codes E for which Q_{L(E)} is a purely Z-Pauli and Q has no X-error syndrome.) It is easy to see 
(and follows immediately from the work of Appendix B.2.1) that this unnormalized mixed state is 

\underbrace{\frac{1}{|\mathcal{E}|\,|\mathcal{P}|\,|\mathcal{S}|\,|B|\,|B_{in}|} \sum_{P,S,a,T^{in},T^{out},Q_M}\;\sum_{E\in\mathcal{S}_X(Q_M)} \langle a|\,|Q_M\rangle\langle Q_M|\,|a\rangle}_{\mathrm{Tr}_K(R_{acc})} + \mathrm{Tr}_K\big([\varepsilon_{\mathrm{real}}]\big) \qquad (35) 

for some choice of [ε_real]. By the security of the decode-then-measure procedure used by the BR- 
OTP it must be that Tr_K([ε_real]) and hence [ε_real] have trace at most ε. Henceforth we concentrate 
only on the highlighted term of (35), which is taken to be Tr_K(R_acc) for the operator R_acc appearing 
in the desired decomposition (32) of ρ_real. 
Because the syndrome measurement succeeded, the BR-OTP reveals a new register K containing 
a classical description |S⟩ of a decryption key S. (An explicit formula for this key is given in Section 
6.6.3.) The unnormalized pure state ⟨a||Q_M⟩ plus register K can be written 
where the table (37) is given by 
We may now employ the identity (4) from Section 6.1.1 to get 
so the state |(37)⟩ becomes 
(39) 

Write 

|Q_M, S\rangle := \sum \alpha_{Q,T^{in}}\,|(39)\rangle \qquad (40) 

so that 

R_{acc} = \frac{1}{|\mathcal{E}|\,|\mathcal{P}|\,|\mathcal{S}|\,|B|\,|B_{in}|\,2^{r}} \sum_{P,S,a,T^{in},T^{out},Q_M}\;\sum_{E\in\mathcal{S}_X(Q_M)} |Q_M,S\rangle\langle Q_M,S| \qquad (41) 

Notice the receiver/environment learns nothing about the keys π_a(PT^in_E)_A, π_a(PT^in_E)_E so the 
registers A, E remain completely mixed. Thus, the receiver gets only the Bout portion of the final 
state as desired. 
6.6.2 In the event of rejection 

Consider the unnormalized mixed state obtained from the expression (31) for Tr_K(ρ_real) by restrict- 
ing attention to those terms in the summation with syndrome outcome s ≠ 0. (Again, the reader is 
referred to Appendix B for explanations of the notation Q_{L(E)} and 𝒮_{X0}(Q).) According to the analysis 
of Appendix B.2.1 this unnormalized mixed state is 

\frac{1}{|\mathcal{E}|\,|\mathcal{P}|\,|\mathcal{S}|\,|B|\,|B_{in}|} \qquad (42) 

The operator of (42) shall be taken to be Tr_K(R_rej) for the operator R_rej appearing in the desired 
decomposition (32) of ρ_real. 

Because the syndrome measurement failed, the register K revealed by the BR-OTP is com- 
pletely mixed and so we can ignore it for the rest of this analysis. The unnormalized pure state 
⟨a|Q_{M,L(E)}|Q_M⟩ can be written 

(43) 

where the table (44) is given by 
For each Q_{M,L(E)} let |a'⟩ = Q_{M,L(E)}|a⟩ denote the modified vector of magic state measurement 
results. We may now employ the identity (4) from Section 6.1.1 to get 
(45) 

so the state |(44)⟩ becomes 
(46) 

In the case of rejection the sender has no information about the encryption Paulis π_a(PT^in_E)_{Bout}, 
π_a(PT^in_E)_A, and π_a(PT^in_E)_E. Thus, the unitary E c-U_{a-a'} appearing immediately before the encryp- 
tion Paulis is superfluous; it can be removed without affecting the overall state. Moreover, the 
registers A, E remain encrypted and therefore completely mixed from the receiver's point of view. 
Thus, one could replace the state |(44)⟩ with, say, the following 
we have 

\sum_{P,S,a,s\neq 0,T^{in},T^{out},Q_M,\;E\in\mathcal{S}_{X0}(Q_M)} |Q_M,\text{anything}\rangle\langle Q_M,\text{anything}| \qquad (49) 

6.6.3 More analysis to determine the final key 

Now that we have analyzed an arbitrary environment/receiver for our QOTP we can easily derive 
an expression for the decryption key S used by an honest receiver to recover his output register B 
at the end of the protocol. The derivation in this section is not a prerequisite for the discussion of 
the simulator in Section 6.7. It is included here only for completeness. 

We claim that the decryption Pauli S is the logical Pauli induced on the data register by code 
E and Pauli 

(50) 

To see this, observe that an honest receiver will place no amplitude on terms for which Q ≠ I. Our 
calculations are therefore simplified by assuming Q = I. Under this assumption the state |(39)⟩ 
becomes 
(51) 

and so we see that applying S to register Bout decrypts that register. Of course, A, E remain 
encrypted and the purification register W is not in the receiver's possession, so the receiver obtains 
only the B portion of (Φ ⊗ 1_W)(|ψ⟩⟨ψ|) as desired. 

6.7 Specification of the simulator 

In Section 6.6 we derived an expression for the mixed state ρ_real of the registers (Bout, A, E, W, K) 
in the environment's possession at the end of step 5. In this section we specify a simulator, and 
in the following section we show that the state ρ_sim of the environment's registers at the end of its 
interaction with the simulator is close in trace distance to ρ_real, from which security is established. 

This simulator must not interact with the sender. Instead, the simulator is permitted only 
one-shot, black-box access to the "ideal functionality" for Φ. We represent this ideal functionality 
by a single call to an oracle for U acting on registers (A, B, E) prepared by the simulator. The rules 
for permissible preparation and disposal of these registers are as follows: 

1. When given the initial state |ψ⟩ of registers (A, B, W) selected by the environment, the simu- 
lator must pass the register A directly to U without any pre-processing. 

2. The simulator must prepare the ancillary register E in pure state |0⟩. 

3. Upon receiving the output registers (A, B, E), the simulator must discard registers A, E without 
any post-processing. 

The simulator constructs registers as listed in Protocol 5 and then acts as described in 
the protocol. The main idea is that our simulator will use the control bit contained in register E to 
"switch off" the application of U that would have been implemented by the real receiver interacting 
with the sender's BR-OTP. Instead, the black-box call to the ideal functionality will be embedded 
at the proper time so as to recover the required action of U. An additional teleportation step is 
required so that our simulator can embed U at the proper time. 

Protocol 5 Simulator 

Registers prepared by the simulator. 

Given the input register A our simulator constructs the following registers: 

(B̃in, S_in): Simple EPR pairs for teleportation. 

(S_out, Bin): Teleport-through-authentication state of Protocol 1. 

(B̃out, Bout): Teleport-through-de-authentication state of Protocol 1. 

A: Authenticated dummy input state for the sender P_A E|0⟩. 

E: Authenticated dummy ancillary state P_E E|0⟩|off⟩. 

M: Authenticated magic states as in Protocol 1. 

A': To be used in the call to the ideal functionality. Contains the portion of |ψ⟩ 
contained in register A. 

E': To be used in the call to the ideal functionality. Ancillary register in state |0⟩. 

Execution of the simulator. 

1. Prepare registers (B̃in, Bin, B̃out, Bout, A, E, M, W) as above and send these registers to the en- 
vironment. 

2. The environment responds with a Pauli T^in. Apply T^in to register S_in. Then use the ideal 
black-box to apply U to (A', S_in, E'). 

3. Perform a Bell measurement on (S_in, S_out) so as to teleport the contents of S_in through the 
authentication and place the result in Bin. Let T^sim denote the teleportation Pauli indicated 
by this Bell measurement. 

4. Execute Protocol 2 for the BR-OTP under the assumption that T^sim was received in the first 
round. (This step is not difficult: the responses of the BR-OTP depend only upon the choice 
of code E and encryption Pauli P.) 
6.8 Analysis of the environment's interaction with the simulator 

Fix a choice of code E and encryption Paulis P, S. We re-use notation from Section 6.6 as much 
as possible. In Section 6.5 we wrote the unnormalized pure state of the entire system as a large 
table |(6)⟩. We then introduced some shorthand notation in Section 6.6 that allowed us to write 
that table more compactly as |(11)⟩. The equivalent of table (11) for our simulator is as follows. 
(52) 

Then 

\mathrm{Tr}_K(\rho_{\mathrm{sim}}) = \frac{1}{|\mathcal{E}|\,|\mathcal{P}|\,|\mathcal{S}|} \sum_{E,P,S,a,s,T^{in},T^{out},T^{sim}} \mathrm{Tr}_{A'E'}\big(|(52)\rangle\langle(52)|\big) . \qquad (53) 

We then inserted a superfluous I = (c-U_a)^*(c-U_a) into the table (11) and derived the table (15) 
by substituting the Pauli decomposition (13) of K_a(c-U_a)^* and fixing a choice Q of Pauli in that 
decomposition. It is a simple matter to repeat those steps in the current setting. The equivalent 
of table (15) for our simulator is 
In Section 6.6 we applied a teleportation identity to derive table (18) from table (15). We apply 
the same teleportation identity here so as to derive the following table from (54). 
(55) 

We then replaced transposed Paulis with their un-transposed equivalents and employed several 
commutation relations to derive table (25). That derivation can be repeated almost exactly in the 
present context. The only significant difference is that, after commuting Q_{Bin} with T^in and picking 
up a phase of c(T^in, Q_{Bin}), the two T^in Paulis annihilate each other. The state |(54)⟩ becomes 
(56) 






We now see that the decryption Pauli P'' used in the BR-OTP is given by 

By analogy to the formula (28) for the state |(6)⟩ in Section 6.6 we have 

|(52)\rangle = \big(|B|\,|B_{in}|\,|S_{in}|\big)^{-1/2} \sum_{\text{Paulis } Q} \alpha_{Q,T^{in}}\,|(56)\rangle . 

As before, we wish to employ the Pauli sandwich on M. To this end consider the table 
obtained from (56) by deleting everything in row M occurring after the operator c-U_a. By analogy 
to the state |Q_M⟩ defined in (30) in Section 6.6, for each Pauli Q_M define 

(60) 

By analogy to the expression (31) for Tr_K(ρ_real) derived in Section 6.6, by the Pauli sandwich 
(Lemma 13) we have that the mixed state Tr_K(ρ_sim) from (53) equals 

\mathrm{Tr}_K(\rho_{\mathrm{sim}}) = \frac{1}{|\mathcal{E}|\,|\mathcal{P}|\,|\mathcal{S}|\,|B|\,|B_{in}|\,|S_{in}|} \sum_{E,P,S,a,s,T^{in},T^{out},T^{sim},Q_M} \langle a|\langle s|\,E^*Q_M E\;\mathrm{Tr}_{A'E'}\big(|Q'_M\rangle\langle Q'_M|\big)\;E^*Q_M E\,|a\rangle|s\rangle \qquad (61) 

As mentioned in Section 6.6, we will derive the expression (33) for ρ_sim, from which it will follow 
that the state is close to ρ_real in trace distance as desired. 

6.8.1 In the event of acceptance 

Just as in Section 6.6.1, consider the unnormalized mixed state obtained from the expression (61) 
for Tr_K(ρ_sim) by restricting attention to those terms in the summation with syndrome outcome 
s = 0. We can follow the argument of Section 6.6.1 to see that this unnormalized mixed state is 

\underbrace{\frac{1}{|\mathcal{E}|\,|\mathcal{P}|\,|\mathcal{S}|\,|B|\,|B_{in}|\,|S_{in}|} \sum_{P,S,a,T^{in},T^{out},T^{sim},Q_M}\;\sum_{E\in\mathcal{S}_X(Q_M)} \langle a|\,\mathrm{Tr}_{A'E'}\big(|Q'_M\rangle\langle Q'_M|\big)\,|a\rangle}_{\text{show equal to } \mathrm{Tr}_K(R_{acc})} + \mathrm{Tr}_K\big([\varepsilon_{\mathrm{sim}}]\big) \qquad (62) 

for some choice of [ε_sim] with trace at most ε. Henceforth we concentrate only on the indicated 
term of (62). We will show that this term equals Tr_K(R_acc). 

Because the syndrome measurement succeeded, our simulator reveals a new register K containing 
a classical description |S'⟩ of a decryption key S'. (More about this key later in this section.) The 
unnormalized pure state plus register K can be written 

\langle a|\,|Q'_M\rangle|S'\rangle = \sum \alpha_{Q,T^{in}}\,|(64)\rangle \qquad (63) 

where the table (64) is given by 
Similar to Section 6.6 (except now the control-bit switch is set to |off⟩) we may now employ the 
identity (4) from Section 6.1.1 to get 
(65) 

so the state |(64)⟩ becomes 
Write 

|Q'_M, S'\rangle := \sum \alpha_{Q,T^{in}}\,|(66)\rangle \qquad (67) 

so that the highlighted term in (62) becomes 

\frac{1}{|\mathcal{E}|\,|\mathcal{P}|\,|\mathcal{S}|\,|B|\,|B_{in}|\,|S_{in}|\,2^{r}} \sum_{P,S,a,T^{in},T^{out},T^{sim},Q_M}\;\sum_{E\in\mathcal{S}_X(Q_M)} \mathrm{Tr}_{A'E'}\big(|Q'_M,S'\rangle\langle Q'_M,S'|\big) \qquad (68) 

By repeating the analysis of Section 6.6.3 it is easy to see that the final decryption Pauli S' produced 
by the simulator is the logical Pauli induced on the data register by code E and Pauli 

S\,T^{out}\,\pi_a\big(P\,T^{sim}_E\big)_{B_{out}} . \qquad (69) 

Finally, we claim that the expression (68) equals R_acc from (41). To justify this claim we observe 
the differences between the tables (39) and (66). The only differences are 

1. T^in_E has been replaced with T^sim_E in the encryption Paulis for Bout, A, E and in the final decryp- 
tion key S'. 

2. U is applied to the auxiliary registers A', E' that are discarded by the simulator instead of the 
registers A, E in the environment's possession. The sender's portion of the input state |ψ⟩_A is 
contained in register A' instead of A. 

The first difference is eliminated by the uniformly random encryption Pauli P; the summation over 
T^sim can also be eliminated by a simple change of variable, summing over P T^in_E T^sim_E instead of P. 
The second difference is trivial because the registers A, E are encrypted anyway. In particular, |(39)⟩ 
can be obtained from |(66)⟩ by swapping (A', E') for (A, E) prior to encryption of those registers. 
Since A, E are encrypted, such a swap cannot be detected. 



6.8.2 In the event of rejection 

Just as in Section 6.6.2, consider the unnormalized mixed state obtained from the expression (61) 
for Tr_K(ρ_sim) by restricting attention to those terms in the summation with syndrome outcome 
s ≠ 0. We can follow the argument of Section 6.6.2 to see that this unnormalized mixed state is 
(70) 

We will show that the expression (70) equals Tr_K(R_rej). 

Because the syndrome measurement failed, the register K revealed by the simulator is com- 
pletely mixed and so we can ignore it for the rest of this analysis. The unnormalized pure state 
⟨a|Q_{M,L(E)}|Q'_M⟩ can be written 

(71) 

where the table (72) is given by 
(72) 

For each Q_{M,L(E)} let |a'⟩ = Q_{M,L(E)}|a⟩ denote the modified vector of magic state measurement 
results. As in Section 6.6.2 we may now employ the identity (4) from Section 6.1.1 to get 
so the state |(72)⟩ becomes 
(74) 

In the case of rejection the sender has no information about the encryption Paulis π_a(PT^in_E)_{Bout}, 
π_a(PT^in_E)_A, and π_a(PT^in_E)_E. Thus, any unitaries that appear immediately before the encryption 
Paulis are superfluous; they can be removed without affecting the overall state. In particular, we 
get the same state even after we replace E c-U_{a-a'} with the identity in the table (74). Furthermore, 
since A', E' are discarded by the simulator, the same logic allows us to replace U with the identity. 
Finally, since registers (A, E) remain encrypted, one could replace the state |(74)⟩ with 
(75) 

Summing over P T^in_E T^sim_E instead of P and discarding registers (A', E') we see that the above state 
can be interchanged with |(47)⟩ from Section 6.6.2. The desired expression for R_rej follows. 



6.9 Result 

We have thus shown that no environment of the form given in Section 6.4 can distinguish ρ_real, as 
calculated in Section 6.6, from the output ρ_sim, as calculated in Section 6.8. Moreover, we argued 
in Section 6.4 that any arbitrary environment is equivalent to an environment of the stated form. 

This yields the proof of Theorem 8, that the protocol described in Sections 6.2 and 6.3 is a 
statistically quantum-UC-secure realization of the one-time program functionality for Φ in the case 
of a corrupt user, in the 𝓕^{BR-OTP}-hybrid model. 

By combining this with the result that 𝓕^{BR-OTP} can be realized statistically UC-securely in 
the 𝓕^{OTM}-hybrid model (Corollary 2.1), the quantum lifting theorem [Unr10], and the quantum 
UC transitivity lemma (Lemma 1), we achieve the central result of the paper, Theorem 7: a 
protocol for non-interactive statistically quantum-UC-secure (in the case of an honest sender and 
potentially corrupt receiver) one-time programs, assuming secure OTM tokens (i.e., in the 𝓕^{OTM}- 
hybrid model). □ 



7 UC security of delegating quantum computations 

We show in this section that our main proof technique can also be used to establish the statistical 
quantum-UC-security of a family of protocols for delegating quantum computations, closely related 
to the protocol of Aharonov et al. [ABOE10]. Originally studied in the context of quantum 
interactive proof systems, the protocol of Aharonov et al. was not originally shown to be secure 
according to any rigorous cryptographic security definition. 

We generalize the protocol of Aharonov et al. to support delegated quantum computation (in 
contrast to only deciding membership in a language) by making two minor modifications. First 
we instantiate the protocol using any encode-encrypt quantum authentication scheme that admits 
computing on authenticated data (such as the trap authentication scheme or the signed polynomial 
scheme as used by Aharonov et al.). Analogously to our main protocol, we also introduce as an aid 
in the proof a control-bit so that the circuit being implemented is a controlled-unitary. 

The ideal functionality we achieve is described in Functionality 4. Following [ABOE10], we 
describe the functionality in terms of a prover and verifier. 

Functionality 4 Ideal functionality 𝓕^{delegated}_Φ for a quantum channel Φ : A → C. 

1. Create: Upon input register A from the verifier, send create to the prover and store the 
contents of register A. 

2. Execute: Upon input execute from the prover, evaluate Φ on register A, and send the 
contents of the output register C to the verifier. 

Theorem 11. Let Φ be a polynomial-time quantum computable functionality. Then there exists 
an efficient, quantum interactive protocol which statistically quantum-UC-emulates 𝓕^{delegated}_Φ in 
the case of a corrupt prover, in the plain model, and where the only quantum power required of 
the verifier is to encode the input and auxiliary quantum registers, and to decode the output. In 
particular, all the interaction is classical except for the first and last messages. 

The proof of Theorem 11 follows as a special case of our main possibility result. In the case of a 
general Φ, the registers that the verifier prepares in Theorem 11 are polynomial-size in the security 
parameter. In the interactive proof scenario of Aharonov et al., the input to Φ is the all-|0⟩ product 
state, the output is a single classical bit, and it suffices to implement 𝓕^{delegated}_Φ with only constant 
security. Given these assumptions, the only quantum power required of the verifier is the ability to 
prepare constant-sized quantum registers in the first round. 

Proof sketch. We view the verifier as the sender in the QOTP, but since the verifier has the input, 
and receives the output, she can encode and decode these herself, so we do away with the necessity 
of the encoding and decoding gadgets. Also, classical interaction is permitted, so we replace the 
BR-OTP with interaction. The simulator and proof are the same. □ 
Appendices 

A One-time programs for classical, bounded reactive functionalities (𝓕^{BR-OTP}) 

Functionality 5 Ideal functionality 𝓕^{BR-OTP} for a bounded, sender-oblivious reactive function- 
ality. Here, g_1(a, b_1) ↦ (m_1, s_1) and g_i(b_i, s_{i−1}) ↦ (m_i, s_i) (i = 2, …, ℓ) are classical functions; 
a represents the sender's input, b_i represents the receiver's input for round i (which can depend 
on the input-output behaviour of previous rounds), s_i represents the internal state after round i, 
and m_i is the message returned to the receiver after round i. We assume s_ℓ = ⊥. 

1. Create: Upon input a from the sender, send create to the recipient and store a. 

2. Execute: Upon input (i, b_i) where i ∈ {1, …, ℓ} from the recipient, do the following: 

(a) For j = 1, …, i − 1, if g_j has not been evaluated, abort. If g_i has already been evaluated, 
abort. 

(b) Compute g_i(b_i, s_{i−1}) = (m_i, s_i) (if i = 1, compute g_1(a, b_1) = (m_1, s_1)). 

(c) Output m_i to the receiver. Store s_i and note that g_i has been evaluated. 

(d) If m_ℓ has just been output, delete any trace of this instance. 

In this section, we use standard techniques to extend Theorem 2 to sender-oblivious, polynomial- 
time computable, bounded reactive classical two-party functionalities (given as Functionality 5). We 
achieve this result in a straightforward way. In fact, Goyal et al. [GIS+10, p. 40] suggest that the 
result below would follow from their work. This appendix provides all the details, using some of 
the techniques of Goyal et al. [GIS+10]. 

A message authentication code (MAC) is a pair of algorithms (MAC, VF), where MAC_k(m) 
constructs a tag σ for a message m under a key k, and VF_k(m, σ) returns 1 if σ is a valid tag for 
m under key k. A MAC is an unconditional one-time secure MAC if 

\Pr\big[\mathrm{VF}_k(m,\sigma) = 1 : k \leftarrow \{0,1\}^{\kappa},\ (m,\sigma) \leftarrow \mathcal{A}\big] \qquad (76) 

is negligible in a security parameter κ for all probabilistic algorithms A. An example of such a 
MAC is as follows. The key k is a pair of κ-length binary strings (a, b). The tag for a message 
m ∈ {0,1}^κ is MAC_{(a,b)}(m) = a · m + b, where all operations are in GF(2^κ). 

The basic idea of the construction (see Protocol 6) is to create a one-time program for each 
next-message function g_i in the ideal functionality 𝓕^{BR-OTP}. For this, we need a way to guarantee 
that the receiver executes the COTPs in the correct order, and also let the receiver pass the 
functionality's state information from one COTP to another without revealing this information to 
the receiver. Both of these goals can be achieved via a standard authentication and encryption 
mechanism: we define a family of functions f_i that are based on g_i and output an unconditionally 
secure authenticated encryption of the sender's internal state at the end of round i; this information 
should be supplied by the receiver as an additional input for f_{i+1}. If the authentication fails, then 
f_i outputs ⊥. 

Theorem 12. Protocol 6 statistically classical-UC emulates 𝓕^{BR-OTP} in the 𝓕^{COTP}-hybrid model, 
assuming MAC is an unconditional one-time secure MAC. 
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Protocol 6 Protocol for a bounded, sender-oblivious reactive functionality, ^f^'.^J^ in the 
hybrid model. 

1. Key generation. For 1 < ^ < ^ — 1, the sender randomly chooses keys k\ and feg. 

2. Definition of functions. For each 1 < z < ^, given ^j, define /j as follows. 

(a) Inputs of fi. 

• For i = 1, function /i takes as input from the sender a string a, a key k\ for 
message authentication scheme MAC(-), and key which has the same length as 
si. Function /i takes as input from the receiver a bit-string 6i. 

• For i > 1, function fi takes as input from the sender keys A;^~^ and k\ for message 
authentication scheme MAC{-) and keys k^^''^ and /cq which have the same length 
as Si-i and Sj, respectively. Function /j takes as input from the receiver bit-strings 

(b) Computation of fi. 

• If i = 1, compute gi{a, hi) to obtain the message mi as well as internal state Si. 

• If i > 1, check that l/F^^i-i (cq""*^, c*^~"^) = 1. If not, output _L. Else, set Si-i = 
Cq"^ ® ^o"^- Compute gi{bi,Si-i) to obtain the i^^ message nii as well as internal 

StcltG S'l . 

(c) Outputs of fi. 

• Hi <£, output {rrii, Si ® fe^, MAC^i^ (sj ® kl)). 

• li i = i, output {rrii, ±). 

3. COTP construction. The sender uses J^^^'^^ to create one-time programs for /i, ... , 

4. Evaluation. The receiver evaluates gi, . . . ,g£ by doing the following: 

• If i = 1, run J^j"^"^^ on input bi and obtain (mi, cj, c|[). 

• If i > 1, run on input (6^, Cq"^, c^~^) and obtain (mi,CQ,c\). 
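As an added example (not from the paper), the following Python code implements the one-time MAC $\mathrm{MAC}_{(a,b)}(m) = a \cdot m + b$ over $\mathrm{GF}(2^{128})$ and runs Protocol 6 end to end: the sender builds the chain of functions $f_1, \dots, f_\ell$ around a stand-in next-message function $g$, wraps each in a run-once object that plays the role of $\mathcal{F}^{\mathrm{COTP}}_{f_i}$, and the receiver evaluates them in order, forwarding the authenticated encryption of the state. The field polynomial, the particular $g$ (a bounded-query Hamming-distance oracle whose state packs a 96-bit secret and a round counter) and the `COTP` class are assumptions of this example, not the paper's.

```python
"""Added example (not from the paper): one-time MAC over GF(2^128) and the
COTP chain of Protocol 6.  The next-message function g, the field polynomial
and the run-once COTP wrapper are stand-ins chosen for illustration."""
import secrets

K = 128
POLY = (1 << 128) | 0x87   # x^128 + x^7 + x^2 + x + 1 (the AES-GCM field polynomial)
BOTTOM = None              # plays the role of the symbol bottom

def gf_mul(x: int, y: int) -> int:
    """Multiply two elements of GF(2^K); bits are polynomial coefficients."""
    r = 0
    while y:
        if y & 1:
            r ^= x
        y >>= 1
        x <<= 1
        if x >> K:         # degree reached K: reduce modulo POLY
            x ^= POLY
    return r

def mac(key, m: int) -> int:
    """Tag = a*m + b in GF(2^K); the key (a, b) must be used for one message only."""
    a, b = key
    return gf_mul(a, m) ^ b

def vf(key, m: int, tag: int) -> bool:
    """Verification algorithm VF_key(m, tag)."""
    return mac(key, m) == tag

# Stand-in reactive functionality: the state s packs a 96-bit secret and a 32-bit
# round counter; each round reveals the Hamming distance between the query b and
# the secret (sender-oblivious: the sender learns nothing about b).
MASK96 = (1 << 96) - 1

def g(b: int, s: int):
    secret, ctr = s >> 32, s & 0xFFFFFFFF
    m = bin((b ^ secret) & MASK96).count("1")
    return m, (secret << 32) | (ctr + 1)

def honest_messages(a: int, bs):
    """Reference run of g_1..g_l without any protocol, for comparison."""
    s, msgs = a << 32, []
    for b in bs:
        m, s = g(b, s)
        msgs.append(m)
    return msgs

class COTP:
    """Ideal one-time program F^COTP_f: one evaluation, then nothing."""
    def __init__(self, f):
        self.f, self.used = f, False
    def run(self, x):
        if self.used:
            raise RuntimeError("one-time program already consumed")
        self.used = True
        return self.f(x)

def make_protocol6(a: int, ell: int):
    """Sender side: key generation, definition of f_1..f_ell, COTP construction.
    k0[i-1], k1[i-1] play the roles of k_0^i and k_1^i for i = 1..ell-1."""
    k0 = [secrets.randbits(K) for _ in range(ell - 1)]
    k1 = [(secrets.randbits(K), secrets.randbits(K)) for _ in range(ell - 1)]

    def make_f(i):
        def f(x):
            if i == 1:
                b, s_prev = x, a << 32                 # g_1 gets the sender's input a
            else:
                b, c0, c1 = x
                if not vf(k1[i - 2], c0, c1):          # authenticate s_{i-1}
                    return BOTTOM
                s_prev = c0 ^ k0[i - 2]                # decrypt s_{i-1}
            m, s = g(b, s_prev)
            if i < ell:
                c0 = s ^ k0[i - 1]                     # encrypt s_i under k_0^i
                return (m, c0, mac(k1[i - 1], c0))     # and authenticate it under k_1^i
            return (m, BOTTOM)
        return f
    return [COTP(make_f(i)) for i in range(1, ell + 1)]

def evaluate(programs, bs):
    """Receiver side (step 4): run the COTPs in order, passing the state ciphertext on."""
    msgs, c0, c1 = [], None, None
    for i, (prog, b) in enumerate(zip(programs, bs), start=1):
        out = prog.run(b if i == 1 else (b, c0, c1))
        if out is BOTTOM:
            return BOTTOM
        if len(out) == 3:
            m, c0, c1 = out
        else:
            m, _ = out
        msgs.append(m)
    return msgs

def tampered_state_is_rejected(a: int, bs) -> bool:
    """A receiver that flips one bit of the state ciphertext before feeding it to f_2
    is caught by the MAC check: f_2 outputs bottom."""
    progs = make_protocol6(a, len(bs))
    _, c0, c1 = progs[0].run(bs[0])
    return progs[1].run((bs[1], c0 ^ 1, c1)) is BOTTOM

def out_of_order_is_rejected(a: int, bs) -> bool:
    """Skipping f_1 and guessing a state ciphertext for f_2 fails unless the MAC is forged."""
    progs = make_protocol6(a, len(bs))
    guess = (bs[1], secrets.randbits(K), secrets.randbits(K))
    return progs[1].run(guess) is BOTTOM
```

`evaluate(make_protocol6(a, 3), [b1, b2, b3])` returns the same messages as `honest_messages(a, [b1, b2, b3])`; a second call to any `COTP.run` raises, and feeding $f_2$ a modified or guessed ciphertext yields $\bot$ except with probability $2^{-128}$, which is exactly the forgery bound of the MAC.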
By Theorem 2, there exists a non-interactive protocol $\rho$ that classical-UC-emulates $\mathcal{F}^{\mathrm{COTP}}$ in 
the $\mathcal{F}^{\mathrm{OTM}}$-hybrid model (one-time memories). Thus we have Corollary 2.1 as given in the main text. 
We finish this section with a proof of Theorem 12. 

Proof of Theorem 12. The proof proceeds by considering security against either a malicious sender 
or a malicious receiver. 

Security against a malicious sender. Let $\mathcal{A}$ be an adversary corrupting the sender in Protocol 6. 
We construct a simulator $\mathrm{Sim}_{\mathcal{A}}$ for $\mathcal{A}$. 

The simulator is defined as follows: execute $\mathcal{A}$ on the input given by the environment $\mathcal{Z}$. This execution determines 
the sender's inputs to the instances of $\mathcal{F}^{\mathrm{COTP}}$, and in particular it determines the sender's input $a$. 

We say that the sender's keys are consistent if, for each $i$, the keys $k_1^i$ and $k_0^i$ are the same 
between the instantiations of $\mathcal{F}^{\mathrm{COTP}}_{f_i}$ and $\mathcal{F}^{\mathrm{COTP}}_{f_{i+1}}$ (i.e., the two ideal functionalities are called 
with the corresponding same key inputs). If the sender's keys are consistent, then an execution of 
Protocol 6 with an honest receiver will not abort. 

Thus, if $\mathrm{Sim}_{\mathcal{A}}$ detects that the sender's keys are not consistent, $\mathrm{Sim}_{\mathcal{A}}$ inputs ABRT into the 
ideal functionality $\mathcal{F}^{\mathrm{react}}$. Otherwise, $\mathrm{Sim}_{\mathcal{A}}$ inputs $a$ for the sender. 

We thus have the following: 

1. Protocol 6 is non-interactive; 

2. the probability of ABRT in the ideal model is independent of the receiver's input; 

3. an honest sender will not cause the protocol to abort. 

Together, these imply that the real and ideal networks are perfectly indistinguishable. 
Security against a malicious receiver. 

Let $\mathcal{A}$ be an adversary corrupting the receiver in Protocol 6. We construct a simulator $\mathrm{Sim}_{\mathcal{A}}$, 
given as Simulator 1. 

Simulator 1 Simulator $\mathrm{Sim}_{\mathcal{A}}$ for the proof of Protocol 6 against a malicious receiver. 

1. For $i = 1, \dots, \ell - 1$, choose keys $k_0^i$ and $k_1^i$ as in Protocol 6. 

2. Start the execution of $\mathcal{A}$ on the input given by $\mathcal{Z}$; set $i = 1$. 

3. Execute $\mathcal{A}$ until a call to the ideal functionality $\mathcal{F}^{\mathrm{COTP}}_{f_i}$ occurs. Do the following in order to 
simulate the interaction with the ideal functionality. 

(a) For $j = 1, \dots, i - 1$, if $\mathcal{F}^{\mathrm{COTP}}_{f_j}$ has not already been evaluated, abort. 

(b) Let $\sigma_i$ be $\mathcal{A}$'s input into $\mathcal{F}^{\mathrm{COTP}}_{f_i}$. 

i. If $i = 1$, forward $\sigma_1$ to $\mathcal{F}^{\mathrm{react}}$ and receive as response $m_1$. Choose a random state $w_1$, 
and return $(m_1,\ w_1 \oplus k_0^1,\ \mathrm{MAC}_{k_1^1}(w_1 \oplus k_0^1))$ to $\mathcal{A}$. 

ii. If $i > 1$, interpret $\sigma_i$ as $(b_i, c_0^{i-1}, c_1^{i-1})$. Check that $\mathrm{VF}_{k_1^{i-1}}(c_0^{i-1}, c_1^{i-1}) = 1$. If not, 
return $\bot$ to $\mathcal{A}$. Otherwise forward $b_i$ to $\mathcal{F}^{\mathrm{react}}$ and receive as response $m_i$. If $i < \ell$, choose a random state 
$w_i$ and return $(m_i,\ w_i \oplus k_0^i,\ \mathrm{MAC}_{k_1^i}(w_i \oplus k_0^i))$ to $\mathcal{A}$; if $i = \ell$, return $(m_\ell, \bot)$. 

If $i < \ell$, set $i \leftarrow i + 1$ and return to step 3. Otherwise, output $\mathcal{A}$'s output. 

The real and ideal networks are indistinguishable. In both worlds the receiver sees the state only under a fresh one-time pad $k_0^i$, so the random $w_i \oplus k_0^i$ of the simulation and the real $s_i \oplus k_0^i$ are identically distributed, and so are their tags. In the real world, the adversary can succeed 
in out-of-order querying only by presenting a ciphertext-tag pair that was not produced by the previous COTP, i.e. with probability at most the probability of forging a MAC, which 
is negligible since the MAC is one-time secure; for the same reason $\mathcal{A}$ can make a COTP accept an incorrect 
internal state only with negligible probability. □ 
B Properties of encode-encrypt authentication schemes 

B.1 Security against Pauli attacks implies security against general attacks 

Parts of this section are reproduced from Aharonov, Ben-Or, and Eban [ABOE10]. 

B.1.1 How Pauli attacks affect the state of the system 

A Pauli attack on a family $\mathcal{E}$ of codes has the following form. 

1. The data register $D$ is encoded under a uniformly random choice of code $E \in \mathcal{E}$ by preparing 
the syndrome registers $(X, Z)$ in the $|0\rangle$ state and applying $E$ to $(D, X, Z)$. 

2. A malicious attacker applies a Pauli operator $Q$ to $(D, X, Z)$. 

3. The data is decoded by applying the inverse operator $E^*$ to $(D, X, Z)$. 

4. The syndrome registers $(X, Z)$ are measured in the computational basis. A non-zero measurement 
result indicates cheating. 

The first three steps of this protocol induce a channel of the form 

$$\Psi_Q : D \to (D, X, Z) : \rho \mapsto \frac{1}{|\mathcal{E}|} \sum_{E \in \mathcal{E}} E^* Q E \,(\rho \otimes |0\rangle\langle 0|)\, E^* Q^* E .$$

Let $[X], [Z]$ denote the projectors onto the state $|0\rangle$ for the syndrome registers $X, Z$, respectively. The 
state of the data register $D$ after the syndrome measurement of step 4 is 

$$\mathrm{Tr}_{XZ}\big([X][Z]\,\Psi_Q(\rho)\big) + \mathrm{Tr}_{XZ}\big((I - [X][Z])\,\Psi_Q(\rho)\big) . \qquad (77)$$

Let us examine the terms associated with each measurement outcome. For each Pauli $Q$ we define 
the following partition of $\mathcal{E}$: 

$\mathcal{E}_{XZ}(Q)$: the set of codes $E \in \mathcal{E}$ for which $Q$ acts trivially on the logical data and has no error 
syndrome. 

$\mathcal{E}_{XZ!}(Q)$: the set of codes $E \in \mathcal{E}$ for which $Q$ acts non-trivially on the logical data but has no 
error syndrome. 

$\mathcal{E}_{XZ\varnothing}(Q)$: the set of codes $E \in \mathcal{E}$ for which $Q$ has a non-zero error syndrome. 

For each code $E$ let $Q_{\ell(E)}$ denote the logical Pauli induced by $Q$ and $E$ (the action of $E^* Q E$ on the register $D$), and observe that if 
$E \in \mathcal{E}_{XZ}(Q)$ then $Q_{\ell(E)} = I$. Then 

$$\mathrm{Tr}_{XZ}\big([X][Z]\,\Psi_Q(\rho)\big) = \frac{1}{|\mathcal{E}|} \sum_{E \in \mathcal{E}_{XZ}(Q)} Q_{\ell(E)}\,\rho\,Q_{\ell(E)}^* + \underbrace{\frac{1}{|\mathcal{E}|} \sum_{E \in \mathcal{E}_{XZ!}(Q)} Q_{\ell(E)}\,\rho\,Q_{\ell(E)}^*}_{[\varepsilon(Q)]} = \frac{|\mathcal{E}_{XZ}(Q)|}{|\mathcal{E}|}\,\rho + [\varepsilon(Q)] \qquad (78)$$

$$\mathrm{Tr}_{XZ}\big((I - [X][Z])\,\Psi_Q(\rho)\big) = \frac{1}{|\mathcal{E}|} \sum_{E \in \mathcal{E}_{XZ\varnothing}(Q)} Q_{\ell(E)}\,\rho\,Q_{\ell(E)}^* . \qquad (79)$$

If $\mathcal{E}$ is $\varepsilon$-secure against Pauli attacks (according to Definition 9) then by definition the term marked 
$[\varepsilon(Q)]$ in (78) has trace at most $\varepsilon$, and so it must be that $|\mathcal{E}_{XZ!}(Q)|/|\mathcal{E}| \le \varepsilon$ for all $Q$. 

If $Q = I$ then $Q_{\ell(E)} = I$ for all $E \in \mathcal{E}$ and $\mathcal{E}_{XZ}(Q) = \mathcal{E}$. In this case the terms $[\varepsilon(Q)]$ and (79) 
both vanish and the state of the system is simply $\rho$, as required of any authentication scheme. 



B.1.2 The Pauli sandwich 

As mentioned in Section 4.1, encode-encrypt authentication schemes have the desirable property 
that the Pauli encryption breaks up an arbitrary attack into a probabilistic mixture of Pauli 
attacks. This property hinges upon a key lemma that we call the Pauli sandwich; it is a direct 
consequence of the Pauli twirl [DCEL09]. A succinct proof can be found in Aharonov, Ben-Or, and 
Eban [ABOE10]. 

Lemma 13 (Pauli sandwich (see [ABOE10])). Let $W$ be an arbitrary operator acting on $n$ qubits 
and let $Q, Q'$ be Pauli operators acting on $n$ qubits. It holds that 

$$\frac{1}{4^n} \sum_{\text{Paulis } P} P^* Q P \, W \, P^* Q'^* P = \begin{cases} Q\,W\,Q^* & \text{if } Q = Q' \\ 0 & \text{otherwise.} \end{cases} \qquad (80)$$



To see how the Pauli sandwich breaks up an arbitrary attack into a mixture of Pauli attacks, 
let $U$ be any operator acting on a register of $n$ qubits, let $U = \sum_{\text{Paulis } Q} \alpha_Q Q$ be a decomposition 
of $U$ as a linear combination of Pauli operators, and consider the channel 

$$\rho \mapsto \frac{1}{4^n} \sum_{\text{Paulis } P} P^* U P \,\rho\, P^* U^* P = \frac{1}{4^n} \sum_{\text{Paulis } P} \ \sum_{\text{Paulis } Q, Q'} \alpha_Q \overline{\alpha_{Q'}} \ P^* Q P \,\rho\, P^* Q'^* P . \qquad (81)$$

It follows immediately from the Pauli sandwich (Lemma 13) that this channel equals 

$$\rho \mapsto \sum_{\text{Paulis } Q} |\alpha_Q|^2 \, Q \rho Q^* . \qquad (82)$$

That is, if an adversary applies a unitary attack $U$ to a register encrypted with a uniformly random 
Pauli $P$ then the resulting state after decryption is indistinguishable from a simplified attack where 
the adversary instead applies a Pauli attack $Q$ chosen at random according to the distribution 
$\{|\alpha_Q|^2\}$ (for unitary $U$ these weights sum to 1). 

This observation holds for arbitrary operators $U$ (not just unitary operators), so it can easily 
be extended to arbitrary non-unitary channel attacks $\Phi$ by applying a similar analysis to each 
operator in a Kraus decomposition of $\Phi$. 
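As an added example (not from the paper), the following Python code checks Lemma 13 at the level of commutation signs, for every pair $Q, Q'$ of one- and two-qubit Paulis. It represents an $n$-qubit Pauli (up to phase) by its binary symplectic vector $(x, z)$, meaning $X^{x} Z^{z}$; the only fact used is $P^* Q P = c(P, Q)\, Q$ with $c(P, Q) = (-1)^{x_P \cdot z_Q + z_P \cdot x_Q}$, so the left-hand side of (80) collapses to $\big(\frac{1}{4^n} \sum_P c(P, Q)\, c(P, Q')\big)\, Q W Q'^*$ and the lemma reduces to the claim that this scalar is $1$ when $Q = Q'$ and $0$ otherwise. The function names are this example's own.

```python
"""Added example (not from the paper): Lemma 13 (the Pauli sandwich) checked
through commutation signs in the binary symplectic representation."""
from itertools import product

def paulis(n):
    """All 4^n n-qubit Paulis (phases ignored) as pairs (x, z) of bit tuples."""
    bits = list(product((0, 1), repeat=n))
    return [(x, z) for x in bits for z in bits]

def comm_sign(P, Q):
    """c(P,Q) = +1 if P and Q commute, -1 if they anticommute."""
    (xp, zp), (xq, zq) = P, Q
    s = sum(a * b for a, b in zip(xp, zq)) + sum(a * b for a, b in zip(zp, xq))
    return -1 if s % 2 else 1

def pauli_product(Q, Qp):
    """Q Q' up to phase: symplectic vectors add modulo 2."""
    (x, z), (xp, zp) = Q, Qp
    return (tuple(a ^ b for a, b in zip(x, xp)), tuple(a ^ b for a, b in zip(z, zp)))

def sandwich_scalar(n, Q, Qp):
    """(1/4^n) sum_P c(P,Q) c(P,Q'): the scalar in front of Q W Q'* in (80)."""
    return sum(comm_sign(P, Q) * comm_sign(P, Qp) for P in paulis(n)) / 4 ** n

def check_lemma13(n):
    """Lemma 13 holds for n qubits iff the scalar is 1 on Q = Q' and 0 otherwise."""
    ps = paulis(n)
    return all(sandwich_scalar(n, Q, Qp) == (1.0 if Q == Qp else 0.0)
               for Q in ps for Qp in ps)

def check_product_rule(n):
    """Why it works: c(P,Q) c(P,Q') = c(P, QQ'), and a non-identity Pauli anticommutes
    with exactly half of all Paulis, so the average vanishes unless QQ' = I."""
    ps = paulis(n)
    identity = ((0,) * n, (0,) * n)
    bilinear = all(comm_sign(P, Q) * comm_sign(P, Qp) == comm_sign(P, pauli_product(Q, Qp))
                   for P in ps for Q in ps for Qp in ps)
    halves = all(sum(comm_sign(P, R) for P in ps) == (4 ** n if R == identity else 0)
                 for R in ps)
    return bilinear and halves
```

Because the operator $Q W Q'^*$ is the same for every $P$, no matrix arithmetic is needed: the whole content of the lemma is the cancellation of signs, and `check_product_rule` is the two-line reason the cancellation happens. The mixture weights $|\alpha_Q|^2$ of (82) are exactly the diagonal survivors $Q = Q'$ of this cancellation.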



B.1.3 How general attacks affect the state of the system 

An arbitrary attack on an encode-encrypt authentication scheme based on a family $\mathcal{E}$ of codes has 
the following form. 

1. A data register $D$ is authenticated by encoding it with a random code $E \in \mathcal{E}$ (implicitly 
introducing the syndrome registers $X, Z$) and then encrypting the encoded $n$-qubit system $(D, X, Z)$ 
with a random Pauli $P$. 

2. A malicious attacker applies a channel $\Phi$ to the $n$ qubits comprising the registers $(D, X, Z)$. 

3. The system is decrypted by applying the Pauli $P^*$ and decoded by applying the inverse circuit 
$E^*$. 

4. The syndrome registers $(X, Z)$ are measured in the computational basis. A non-zero measurement 
result indicates cheating. 
As mentioned previously, it suffices to restrict attention only to unitary attacks $\Phi : X \mapsto U X U^*$; 
security against arbitrary channels is recovered by applying the same analysis to each operator in 
a Kraus decomposition of $\Phi$. The first three steps of this protocol induce a channel $\Psi_U$ of the form 

$$\Psi_U : D \to (D, X, Z) \qquad (83)$$

$$\rho \mapsto \frac{1}{|\mathcal{E}|\, 4^n} \sum_{E \in \mathcal{E}} \ \sum_{\text{Paulis } P} E^* P^* U P E \,(\rho \otimes |0\rangle\langle 0|)\, E^* P^* U^* P E . \qquad (84)$$

Let $U = \sum_{\text{Paulis } Q} \alpha_Q Q$ be a decomposition of $U$ into a linear combination of Paulis, so that the 
channel could equivalently be written 

$$\Psi_U : \rho \mapsto \frac{1}{|\mathcal{E}|\, 4^n} \sum_{E \in \mathcal{E}} \ \sum_{\text{Paulis } P} \ \sum_{\text{Paulis } Q, Q'} \alpha_Q \overline{\alpha_{Q'}} \ E^* P^* Q P E \,(\rho \otimes |0\rangle\langle 0|)\, E^* P^* Q'^* P E \qquad (85)$$

$$= \frac{1}{|\mathcal{E}|} \sum_{E \in \mathcal{E}} \ \sum_{\text{Paulis } Q} |\alpha_Q|^2 \ E^* Q E \,(\rho \otimes |0\rangle\langle 0|)\, E^* Q^* E \qquad (86)$$

$$= \sum_{\text{Paulis } Q} |\alpha_Q|^2 \ \Psi_Q(\rho) , \qquad (87)$$

with the equality (86) following from the Pauli sandwich (Lemma 13) and (87) from the definition of $\Psi_Q$. 

The state of the register $D$ after the syndrome measurement of step 4 is 

$$\mathrm{Tr}_{XZ}\big([X][Z]\,\Psi_U(\rho)\big) + \mathrm{Tr}_{XZ}\big((I - [X][Z])\,\Psi_U(\rho)\big) . \qquad (88)$$

As before, let us examine the terms associated with each measurement outcome. We have 

$$\mathrm{Tr}_{XZ}\big([X][Z]\,\Psi_U(\rho)\big) = \sum_{\text{Paulis } Q} |\alpha_Q|^2 \ \mathrm{Tr}_{XZ}\big([X][Z]\,\Psi_Q(\rho)\big) \qquad (89)$$

$$= \sum_{\text{Paulis } Q} |\alpha_Q|^2 \left( \frac{|\mathcal{E}_{XZ}(Q)|}{|\mathcal{E}|}\,\rho + [\varepsilon(Q)] \right) \qquad (90)$$

where the second equality is from (78). From the expression (90) one can see that the probability 
of acceptance is a nondecreasing function of $|\alpha_I|^2$, since $\mathcal{E}_{XZ}(I) = \mathcal{E}$. In particular, the more 
weight $U$ places on the identity in its Pauli decomposition, the better the chance that the attack 
$U$ goes undetected (and the less likely it is to have any effect on the state). 

For completeness we explicitly write the term associated with the outcome $I - [X][Z]$: 

$$\mathrm{Tr}_{XZ}\big((I - [X][Z])\,\Psi_U(\rho)\big) = \sum_{\text{Paulis } Q} |\alpha_Q|^2 \ \mathrm{Tr}_{XZ}\big((I - [X][Z])\,\Psi_Q(\rho)\big) \qquad (91)$$

$$= \sum_{\text{Paulis } Q} |\alpha_Q|^2 \left( \frac{1}{|\mathcal{E}|} \sum_{E \in \mathcal{E}_{XZ\varnothing}(Q)} Q_{\ell(E)}\,\rho\,Q_{\ell(E)}^* \right) . \qquad (92)$$

B.2 Measure-then-decode equals decode-then-measure for CSS codes 

CSS codes have the property that measurement of logical data in the computational basis can be 
implemented by bitwise (transversal) measurement of the physical qubits in the encoding, followed 
by a purely classical decoding process. 
More concretely, suppose $E$ is a CSS code that encodes one logical qubit into $n$ physical qubits. 
For each value of the bit $a \in \{0, 1\}$ there exists a set $D_E(a)$ of $n$-bit strings such that the encoded 
logical basis state $E|a\rangle$ is an equal superposition of the strings in $D_E(a)$: 

$$E|a\rangle = \frac{1}{\sqrt{|D_E(a)|}} \sum_{b \in D_E(a)} |b\rangle . \qquad (93)$$

Bitwise measurement of $E|a\rangle$ in the computational basis yields a string $b \in D_E(a)$ selected uniformly 
at random. The sets $D_E(0), D_E(1)$ are disjoint, so the logical measurement result $a$ can be deduced 
by identifying the set $D_E(a)$ from which $b$ was drawn. Moreover, given an arbitrary $n$-bit string $c$ 
there is an efficient classical algorithm that computes the function 

$$\mathrm{Decode}_E : c \mapsto (a, s) \qquad (94)$$

where $s$ is an $n$-bit syndrome string with the property that $c \oplus s \in D_E(a)$. 

Suppose instead that our logical qubit is authenticated under an encode-encrypt scheme based 
on a family $\mathcal{E}$ of CSS codes and fix a choice of key $(E, P)$ indicating the CSS code $E$ and the Pauli 
encryption $P$. In this case measurement of the logical qubit can still be implemented by bitwise 
measurement of the authenticated qubit. The only difference is that the $X$-portion $P|_X$ of the Pauli 
key $P$ indicates a mask to be applied before the classical decoding process. This simple process 
could be drawn as follows: 

$$\text{authenticated quantum data} \ \xrightarrow{\ \text{bitwise measurement}\ } \ c \ \xrightarrow{\ \oplus\, P|_X\ } \ \mathrm{Decode}_E \ \longrightarrow \ \begin{cases} \text{decoded bit } a \\ \text{syndrome } s \text{ must be } 0 \end{cases} \qquad (95)$$

The analysis later in this paper is better facilitated by writing this process in a different form. We 
claim that the above process (95) of measure-then-decode on classical data is equivalent to the 
following process of decode-then-measure on quantum data: 

$$\text{authenticated quantum data} \ \xrightarrow{\ P^*\ } \ \xrightarrow{\ E^*\ } \ \begin{cases} \text{decoded bit } |a\rangle \text{ (measured)} \\ X\text{-syndrome must be } |0\rangle \\ Z\text{-syndrome traced out} \end{cases} \qquad (96)$$

To prove the claim it suffices to show that the decode-then-measure circuit (96) accepts an 
encrypted $n$-qubit computational basis state $P|c\rangle$ if and only if $c \in D_E(a)$ for some bit $a$, and that in this case it decodes to $|a\rangle$. It is clear 
that if $|c\rangle$ does not meet this condition then it will be rejected by (96), so suppose that it does. It 
is a property of every CSS code that $|c\rangle$ can then be written as a superposition of states of the form 
$Q E |a\rangle$ where $Q$ is a purely $Z$-Pauli. That is, 

$$|c\rangle = \sum_{Z\text{-Paulis } Q} \alpha_Q \, Q E |a\rangle \qquad (97)$$

for some complex amplitudes $\{\alpha_Q\}$. A purely $Z$-Pauli $Q$ has no $X$-syndrome under $E$ and induces a logical Pauli that is diagonal in the computational basis, so every term of (97) passes the $X$-syndrome check and yields $a$ when $D$ is measured. Thus, the encrypted basis state $P|c\rangle$ is accepted by (96) and 
decodes to $|a\rangle$, as desired. 
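As an added example (not from the paper), the following Python code runs the measure-then-decode process (95) for the 7-qubit Steane code, a CSS code with one logical qubit. For this code $D_E(0)$ and $D_E(1)$ are the even- and odd-weight codewords of the $[7,4]$ Hamming code, and $\mathrm{Decode}_E$ is classical syndrome decoding followed by a parity check. The mask $P|_X$, the simulated measurement strings and the injected single-qubit $X$ errors are constructed for illustration; the function names are this example's own.

```python
"""Added example (not from the paper): measure-then-decode (95) for the 7-qubit
Steane code, a CSS code with one logical qubit.  For it, D_E(0) and D_E(1) are the
even- and odd-weight codewords of the [7,4] Hamming code, and Decode_E is classical
syndrome decoding followed by a parity check.  The mask P|_X and the sample
strings are constructed for illustration."""
import secrets
from itertools import product

N = 7
# Parity-check matrix of the [7,4] Hamming code: column j (1-based) is the binary
# expansion of j, so a single-bit error at position j has syndrome j.
H = [[(j >> r) & 1 for j in range(1, N + 1)] for r in range(3)]

def dot(row, c):
    return sum(h * x for h, x in zip(row, c)) % 2

def hamming_codewords():
    return [c for c in product((0, 1), repeat=N) if all(dot(row, c) == 0 for row in H)]

# The sets D_E(a) of eq. (93): E|a> is the uniform superposition over D_E(a).
D_E = {a: [c for c in hamming_codewords() if sum(c) % 2 == a] for a in (0, 1)}

def syndrome(c):
    """X-error syndrome of the string c as an integer 0..7 (0 = no error)."""
    return sum(dot(row, c) << r for r, row in enumerate(H))

def decode_E(c):
    """Decode_E : c -> (a, s) with c XOR s in D_E(a)  (eq. 94)."""
    sig = syndrome(c)
    s = tuple(1 if j == sig else 0 for j in range(1, N + 1))
    corrected = tuple(x ^ y for x, y in zip(c, s))
    return sum(corrected) % 2, s

def measure_then_decode(measured, px_mask):
    """Process (95): unmask the bitwise measurement result with P|_X, decode, and
    accept only if the syndrome string s is all zeros.  Returns (accepted, a)."""
    a, s = decode_E(tuple(m ^ k for m, k in zip(measured, px_mask)))
    return not any(s), a

def simulate_measurement(a, px_mask, x_error=(0,) * N):
    """Bitwise measurement of P (E|a>) for a Pauli key with X-portion px_mask, after an
    optional X error: a uniform b in D_E(a), XORed with the mask and the error.  The
    Z-portion of P only changes phases and cannot affect the measured string."""
    b = secrets.choice(D_E[a])
    return tuple(x ^ k ^ e for x, k, e in zip(b, px_mask, x_error))

def random_mask():
    return tuple(secrets.randbits(1) for _ in range(N))

def roundtrip(a, trials=50):
    """Honest runs are always accepted and decode to a; a single X error on any qubit
    is always rejected (its syndrome is non-zero) although the decoded bit is still a."""
    for _ in range(trials):
        mask = random_mask()
        if measure_then_decode(simulate_measurement(a, mask), mask) != (True, a):
            return False
        for j in range(N):
            err = tuple(1 if k == j else 0 for k in range(N))
            if measure_then_decode(simulate_measurement(a, mask, err), mask) != (False, a):
                return False
    return True
```

The point of the `roundtrip` check is the authentication view of (95): the decoder would happily correct a single-qubit error, but the scheme treats any non-zero $s$ as cheating and rejects, exactly as the $X$-syndrome check of (96) does.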
B.2.1 How general attacks affect the decode-then-measure process 

In Section B.1.3 we analyzed the effect of an arbitrary attack on the state of a system protected by 
an encode-encrypt authentication scheme. In this section we are interested in the effect of such an 
attack on the decode-then-measure process when the scheme is based on a family $\mathcal{E}$ of CSS codes. 
The protocol for such an attack is identical to the protocol of Section B.1.3 except that step 4 is 
replaced with the following. 

4. The data register $D$ is measured in the computational basis. The syndrome register $X$ is 
measured in the computational basis; a non-zero measurement result indicates cheating. The 
syndrome register $Z$ is discarded. 

As usual, it suffices to restrict attention only to unitary channels $\Phi : X \mapsto U X U^*$ for some unitary 
$U$ with Pauli decomposition $U = \sum_{\text{Paulis } Q} \alpha_Q Q$. The state of the register $D$ after the measurements of 
step 4 is 

$$\sum_{\text{Paulis } Q} |\alpha_Q|^2 \sum_{a \in \{0,1\}} \left( \sum_{M \in \{[X],\, I - [X]\}} \langle a | \, \mathrm{Tr}_{XZ}\big(M\,\Psi_Q(\rho)\big) \, | a \rangle \right) |a\rangle\langle a| . \qquad (98)$$

As before, let us examine the terms associated with each measurement outcome $\{[X], I - [X]\}$. The 
analysis here is slightly more complicated than in previous sections, owing to the fact that only 
the $X$-syndrome is verified in the decode-then-measure protocol. For each Pauli $Q$ we define the 
following partition of $\mathcal{E}$: 

$\mathcal{E}_X(Q)$: the set of codes $E \in \mathcal{E}$ for which $Q_{\ell(E)}$ is a purely $Z$-Pauli and $Q$ has no $X$-error 
syndrome. 

$\mathcal{E}_{X!}(Q)$: the set of codes $E \in \mathcal{E}$ for which $Q_{\ell(E)}$ has a nontrivial $X$-component but $Q$ has no 
$X$-error syndrome. 

$\mathcal{E}_{X\varnothing}(Q)$: the set of codes $E \in \mathcal{E}$ for which $Q$ has a non-zero $X$-error syndrome. 

Then for each Pauli $Q$ we have 

$$\mathrm{Tr}_{XZ}\big([X]\,\Psi_Q(\rho)\big) = \frac{1}{|\mathcal{E}|} \sum_{E \in \mathcal{E}_X(Q)} Q_{\ell(E)}\,\rho\,Q_{\ell(E)}^* + \underbrace{\frac{1}{|\mathcal{E}|} \sum_{E \in \mathcal{E}_{X!}(Q)} Q_{\ell(E)}\,\rho\,Q_{\ell(E)}^*}_{[\varepsilon_X(Q)]} \qquad (99)$$

$$\mathrm{Tr}_{XZ}\big((I - [X])\,\Psi_Q(\rho)\big) = \frac{1}{|\mathcal{E}|} \sum_{E \in \mathcal{E}_{X\varnothing}(Q)} Q_{\ell(E)}\,\rho\,Q_{\ell(E)}^* . \qquad (100)$$

It is a property of every CSS code $E$ that if $Q$ is a purely $X$- or $Z$-Pauli then the logical Pauli $Q_{\ell(E)}$ 
induced by $E$ is also a purely $X$- or $Z$-Pauli; moreover the $X$-syndrome of $Q$ and the $X$-component of $Q_{\ell(E)}$ depend only on the $X$-portion $Q|_X$ of $Q$, whose only possible syndrome is an $X$-syndrome. Applying $\varepsilon$-security against Pauli attacks to $Q|_X$: if $\mathcal{E}$ is $\varepsilon$-secure against Pauli attacks and 
$Q_{\ell(E)}$ has a nontrivial $X$-portion, then $Q$ must have a nontrivial $X$-syndrome except with probability at most 
$\varepsilon$ taken over the choice of code $E \in \mathcal{E}$. In particular, the term marked $[\varepsilon_X(Q)]$ in (99) has trace at 
most $\varepsilon$ and it must be that $|\mathcal{E}_{X!}(Q)|/|\mathcal{E}| \le \varepsilon$. 

On the other hand, if $Q_{\ell(E)}$ is a purely $Z$-Pauli (which is always the case when $E \in \mathcal{E}_X(Q)$) 
then 

$$|a\rangle\langle a| \, Q_{\ell(E)}\,\rho\,Q_{\ell(E)}^* \, |a\rangle\langle a| = |a\rangle\langle a| \,\rho\, |a\rangle\langle a| \qquad (101)$$

for each $a \in \{0, 1\}$. It follows that the term in (98) associated with the outcome $[X]$ is equal to 

$$\sum_{\text{Paulis } Q} |\alpha_Q|^2 \sum_{a \in \{0,1\}} |a\rangle\langle a| \left( \frac{|\mathcal{E}_X(Q)|}{|\mathcal{E}|}\,\rho + [\varepsilon_X(Q)] \right) |a\rangle\langle a| . \qquad (102)$$

Moreover, if $Q$ is a purely $Z$-Pauli then for every $E \in \mathcal{E}$ it holds that $Q_{\ell(E)}$ is also a purely $Z$-Pauli 
and that $Q$ has no $X$-syndrome under $E$. That is, $\mathcal{E}_X(Q) = \mathcal{E}$, and the terms $[\varepsilon_X(Q)]$ and (100) 
both vanish. Thus, one can see from the expression (102) that the probability of acceptance is 
a nondecreasing function of $\sum_{Z\text{-Paulis } Q} |\alpha_Q|^2$. In particular, the more weight $U$ places on purely 
$Z$-Paulis in its Pauli decomposition, the better the chance that the attack $U$ goes undetected (and the 
less likely it is to have any effect on the measured state). 

For completeness we explicitly write the term in (98) associated with the outcome $I - [X]$: 

$$\sum_{\text{Paulis } Q} |\alpha_Q|^2 \sum_{a \in \{0,1\}} |a\rangle\langle a| \left( \frac{1}{|\mathcal{E}|} \sum_{E \in \mathcal{E}_{X\varnothing}(Q)} Q_{\ell(E)}\,\rho\,Q_{\ell(E)}^* \right) |a\rangle\langle a| . \qquad (103)$$



C Analysis of teleportation 

Suppose that a pair of $n$-qubit registers $(\mathrm{In}, \mathrm{Out})$ is prepared in a "teleport-through-$C$" state for 
some $n$-qubit unitary $C$. Such a state is constructed by preparing $n$ copies of the entangled state 
$(|00\rangle + |11\rangle)/\sqrt{2}$ in the registers $(\mathrm{In}, \mathrm{Out})$ and then applying $C$ to the register $\mathrm{Out}$. Suppose further 
that an $n$-qubit register $D$ is prepared in an arbitrary pure state $|\psi\rangle$ with the intention that this 
state be teleported through $C$ to the register $\mathrm{Out}$ by way of a standard Bell measurement on $(D, \mathrm{In})$. 

The Bell measurement is implemented in the usual way by applying an $n$-fold Bell rotation $B$ 
(each factor composed of a CNOT and an $H$ gate) to the registers $(D, \mathrm{In})$ followed by a measurement of those 
two registers in the computational basis. After this measurement the registers $(D, \mathrm{In})$ are in the 
classical basis state $|T\rangle$ indicating a uniformly random Pauli correction $T$. Conditioned on this 
measurement outcome, it is easily seen that the pure state of the register $\mathrm{Out}$ is $C T |\psi\rangle$. 

In the basic teleportation protocol $C$ is the identity and so the state $|\psi\rangle$ can be recovered 
by applying the appropriate Pauli correction $T$ (Paulis are self-inverse up to a global phase), thus "teleporting" the state $|\psi\rangle$ from the register $D$ 
to the register $\mathrm{Out}$. If $C$ is a Clifford circuit then the state $C|\psi\rangle$ can be recovered by applying an 
appropriate Pauli correction $T_C$ (namely $T_C = C T^* C^*$, which is again a Pauli up to phase), thus "teleporting" the state from the register $D$ "through $C$" and 
into the register $\mathrm{Out}$. 



C.1 Teleportation under attack 

Now suppose that all three registers $(D, \mathrm{In}, \mathrm{Out})$ are passed through a channel $\Phi$ prior to the Bell 
measurement. One could think of $\Phi$ as noise, or perhaps a malicious attack on the registers. How 
does $\Phi$ affect the teleportation? In particular, what is the state of the system after the Bell 
measurement is complete? 

Let's start with the special case where $\Phi$ is a product unitary $U = U_D \otimes U_{\mathrm{In}} \otimes U_{\mathrm{Out}}$. In this case 
the pure state of the entire system after the Bell rotation is easily seen to be 

$$\frac{1}{2^n} \sum_{\text{Paulis } T} |T\rangle \otimes U_{\mathrm{Out}} \, C \, U_{\mathrm{In}}^{\mathsf{T}} \, T \, U_D \, |\psi\rangle , \qquad (104)$$

where $U_{\mathrm{In}}^{\mathsf{T}}$ is the transpose of $U_{\mathrm{In}}$: an operator on the $\mathrm{In}$ half of an EPR pair moves to the $\mathrm{Out}$ half via the identity $(A \otimes I)|\phi^+\rangle = (I \otimes A^{\mathsf{T}})|\phi^+\rangle$. 
Measurement of $(D, \mathrm{In})$ then yields a uniformly random outcome $T$ leaving the register $\mathrm{Out}$ in the pure 
state 

$$U_{\mathrm{Out}} \, C \, U_{\mathrm{In}}^{\mathsf{T}} \, T \, U_D \, |\psi\rangle . \qquad (105)$$

The mapping (104) is linear in each of $U_D, U_{\mathrm{In}}, U_{\mathrm{Out}}$, so it can be used to deduce the effect of 
arbitrary, possibly non-product unitaries $U$ on the state of the registers. This is accomplished by 
decomposing $U$ into a linear combination of product unitaries and then applying the above identity 
to each term in that decomposition. For example, let 

$$U = \sum_{\text{Paulis } P} \alpha_P \, P \qquad (106)$$

be a decomposition of $U$ into a linear combination of Pauli operators of the form $P = P_D \otimes P_{\mathrm{In}} \otimes P_{\mathrm{Out}}$. 
By the above analysis it holds that the pure state of the entire system after the Bell rotation is 
given by 

$$\frac{1}{2^n} \sum_{\text{Paulis } T} |T\rangle \otimes \left( \sum_{\text{Paulis } P} \alpha_P \, P_{\mathrm{Out}} \, C \, P_{\mathrm{In}}^{\mathsf{T}} \, T \, P_D \right) |\psi\rangle . \qquad (107)$$

Measurement of $(D, \mathrm{In})$ yields an outcome $T$ leaving the register $\mathrm{Out}$ in the unnormalized pure state 

$$\left( \sum_{\text{Paulis } P} \alpha_P \, P_{\mathrm{Out}} \, C \, P_{\mathrm{In}}^{\mathsf{T}} \, T \, P_D \right) |\psi\rangle . \qquad (108)$$

The distribution of measurement outcomes $T$ obtained by measurement of $(D, \mathrm{In})$ need not be 
uniform, owing to the potential for interference in the sum over the amplitudes $\alpha_P$. 

This analysis applies even to non-unitary operators $U$. Thus, a similar expression can be derived 
for arbitrary, possibly non-unitary channels $\Phi$ by applying the above analysis to each individual 
Kraus operator in a Kraus decomposition of $\Phi$. 
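As an added example (not from the paper), the following Python code simulates single-qubit ($n = 1$) teleportation through $C$ under a product attack $U_D \otimes U_{\mathrm{In}} \otimes U_{\mathrm{Out}}$ with plain complex arithmetic and checks (105) for every Bell outcome $T$, including the transpose on $U_{\mathrm{In}}$ (the test also shows that dropping the transpose gives the wrong state). The Bell rotation is taken as $B = (H \otimes I)\,\mathrm{CNOT}$ on $(D, \mathrm{In})$ with $D$ as control, under which the outcome bits $(t_1, t_2)$ label the Pauli $T = X^{t_2} Z^{t_1}$; the attack unitaries, $C$ and the helper names are this example's assumptions.

```python
"""Added example (not from the paper): single-qubit (n = 1) simulation of teleportation
through C under a product attack U_D (x) U_In (x) U_Out, checking eq. (105): conditioned
on the Bell outcome T, register Out holds U_Out C U_In^T T U_D |psi> (times the amplitude
1/2^n).  The Bell rotation is B = (H (x) I) CNOT on (D, In) with D as control; with this
convention the outcome bits (t1, t2) label the Pauli T = X^t2 Z^t1."""
import math

def kron(A, B):
    """Kronecker product; the first factor acts on the more significant qubit."""
    return [[a * b for a in ra for b in rb] for ra in A for rb in B]

def matmul(A, B):
    return [[sum(A[i][k] * B[k][j] for k in range(len(B))) for j in range(len(B[0]))]
            for i in range(len(A))]

def matvec(A, v):
    return [sum(A[i][k] * v[k] for k in range(len(v))) for i in range(len(A))]

def transpose(A):
    return [list(col) for col in zip(*A)]

I2 = [[1, 0], [0, 1]]
X = [[0, 1], [1, 0]]
Z = [[1, 0], [0, -1]]
S = [[1, 0], [0, 1j]]
H = [[1 / math.sqrt(2), 1 / math.sqrt(2)], [1 / math.sqrt(2), -1 / math.sqrt(2)]]
CNOT = [[1, 0, 0, 0], [0, 1, 0, 0], [0, 0, 0, 1], [0, 0, 1, 0]]   # control = first qubit
PAULI_T = {(0, 0): I2, (0, 1): X, (1, 0): Z, (1, 1): matmul(X, Z)}

def teleport_through(C, psi, UD=I2, UIn=I2, UOut=I2):
    """Prepare |psi>_D (x) (I (x) C)|phi+>_{In,Out}, apply the attack, apply the Bell
    rotation to (D, In), and return {outcome (t1, t2): unnormalised state of Out}."""
    phi_plus = [1 / math.sqrt(2), 0, 0, 1 / math.sqrt(2)]
    in_out = matvec(kron(I2, C), phi_plus)                 # teleport-through-C state
    state = [p * v for p in psi for v in in_out]           # index = 4*d + 2*in + out
    state = matvec(kron(kron(UD, UIn), UOut), state)       # the product attack
    B = matmul(kron(H, I2), CNOT)                          # CNOT first, then H on D
    state = matvec(kron(B, I2), state)
    return {(t1, t2): [state[4 * t1 + 2 * t2 + o] for o in (0, 1)]
            for t1 in (0, 1) for t2 in (0, 1)}

def predicted_out(C, psi, T, UD=I2, UIn=I2, UOut=I2, use_transpose=True):
    """Right-hand side of (105) scaled by 1/2^n (n = 1).  With use_transpose=False the
    attack on In is moved to Out without transposing, which is the wrong formula."""
    Uin = transpose(UIn) if use_transpose else UIn
    M = matmul(matmul(matmul(matmul(UOut, C), Uin), T), UD)
    return [v / 2 for v in matvec(M, psi)]

def close(u, v, tol=1e-9):
    return all(abs(a - b) < tol for a, b in zip(u, v))

def attack_matches_105(C, psi, UD, UIn, UOut):
    """True iff every Bell outcome leaves Out in the state predicted by (105)."""
    outcomes = teleport_through(C, psi, UD, UIn, UOut)
    return all(close(outcomes[t], predicted_out(C, psi, PAULI_T[t], UD, UIn, UOut))
               for t in outcomes)
```

The unnormalised vectors returned by `teleport_through` all have squared norm $1/4 = 1/4^n$, which is the uniform outcome distribution of (104); interference between several Pauli terms, and hence a non-uniform distribution as in (108), only arises for non-product attacks, which can be fed to the same routine by summing `teleport_through` over the product terms of (106).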



C.2 Teleportation under attack, tabular analysis 

It is a useful exercise to repeat the analysis of the previous section in light of the tabular notation 
introduced in Section 6.5. Let us recall the specification of the attack on teleportation: 

1. Registers $(\mathrm{In}, \mathrm{Out})$ are prepared in the pure state $C|\phi^+\rangle$, where $|\phi^+\rangle$ is shorthand for $n$ EPR 
pairs and $C$ acts on $\mathrm{Out}$. 

2. An arbitrary attack unitary $U$ is applied to $(D, \mathrm{In}, \mathrm{Out})$. 

3. A Bell measurement is applied to $(D, \mathrm{In})$ via the Bell rotation $B$ followed by a measurement 
in the computational basis, which is denoted $\{|T\rangle\langle T|\}$. 

The entire procedure may be viewed as a channel 

$$\Phi : D \to (D, \mathrm{In}, \mathrm{Out}) \qquad (109)$$

$$\rho \mapsto \sum_{\text{Paulis } T} |T\rangle\langle T| \, B \, U \, C \, \big(\rho \otimes |\phi^+\rangle\langle \phi^+|\big) \, C^* U^* B^* \, |T\rangle\langle T| . \qquad (110)$$

For each fixed Pauli $T$ consider the Kraus operator 

$$|T\rangle\langle T| \, B \, U \, C \, |\phi^+\rangle \qquad (111)$$
belonging to the channel $\Phi$. This Kraus operator is represented by the following table, in which each row is a register and time runs from left to right ($U$ spans all three rows, $B$ and $|T\rangle\langle T|$ span the rows $D$ and $\mathrm{In}$): 

$$\begin{array}{l|cccc} D & & U & B & |T\rangle\langle T| \\ \mathrm{In} & |\phi^+\rangle & U & B & |T\rangle\langle T| \\ \mathrm{Out} & |\phi^+\rangle \ \ C & U & & \end{array} \qquad (112)$$

Substituting the Pauli decomposition (106) of $U$ into the Kraus operator (111) yields 

$$(111) = \sum_{\text{Paulis } P} \alpha_P \, |T\rangle\langle T| \, B \, P \, C \, |\phi^+\rangle . \qquad (113)$$

Fix a choice of Pauli $P = P_D \otimes P_{\mathrm{In}} \otimes P_{\mathrm{Out}}$ and consider the operator $|T\rangle\langle T| B P C |\phi^+\rangle$. This operator 
can be written in tabular form 

$$\begin{array}{l|cccc} D & & P_D & B & |T\rangle\langle T| \\ \mathrm{In} & |\phi^+\rangle & P_{\mathrm{In}} & B & |T\rangle\langle T| \\ \mathrm{Out} & |\phi^+\rangle \ \ C & P_{\mathrm{Out}} & & \end{array} \qquad (114)$$

so that 

$$(112) = \sum_{\text{Paulis } P} \alpha_P \, (114) . \qquad (115)$$

The observations of the previous sections can be phrased as an identity between tables: by (104), the table (114) equals $\frac{1}{2^n}$ times a table whose rows $(D, \mathrm{In})$ hold only the classical basis state $|T\rangle$ and whose row $\mathrm{Out}$ reads, from left to right, $P_D,\ T,\ P_{\mathrm{In}}^{\mathsf{T}},\ C,\ P_{\mathrm{Out}}$ applied to the input $|\psi\rangle$. Since the rows $(D, \mathrm{In})$ carry no further information, it is 
convenient to simply remove the rows $(D, \mathrm{In})$ and write 

$$(114) = \frac{1}{2^n} \ \begin{array}{l|ccccc} \mathrm{Out} & P_D & T & P_{\mathrm{In}}^{\mathsf{T}} & C & P_{\mathrm{Out}} \end{array} \qquad (116)$$

so that 

$$(112) = \frac{1}{2^n} \sum_{\text{Paulis } P} \alpha_P \ \begin{array}{l|ccccc} \mathrm{Out} & P_D & T & P_{\mathrm{In}}^{\mathsf{T}} & C & P_{\mathrm{Out}} \end{array} \qquad (117)$$

$$= \frac{1}{2^n} \sum_{\text{Paulis } P} \alpha_P \, P_{\mathrm{Out}} \, C \, P_{\mathrm{In}}^{\mathsf{T}} \, T \, P_D , \qquad (118)$$

in agreement with the unnormalized state (108) of the register $\mathrm{Out}$. 